ZF2: Who should escape & delimiter for href when using Url helper?

When I use url helper to generate url for route with query params and then add that url to link href, validator warns me, that there is unescaped & in attribute:

<a href="/users/?order=asc&by=userId">▲</a>

I tried to search but still I'm not sure who is responsible for escaping that.

• Router generates url but that might be used anywhere, not only in html attribute, so it correctly does no escaping in his case.
• Url helper does not change anything in that url but it is meand for use in html so it might done here
• View template - there url is put inside href attribute, so it might be here too

I couldn't find any clue how to decide this and if fill an issue with zf2 about this.

EDIT: html/php code from paginator

<a href="<?php echo $this->url($this->route, [], ['query' => array_merge($this->query, ['page' => $this->first])]) ?>">&lt;&lt;</a>

generates html

<a href="/rates?page=1&order=desc&by=dateValid">&lt;&lt;</a>

and from what I found it should be

<a href="/rates?page=1&amp;order=desc&amp;by=dateValid">&lt;&lt;</a>

I would argue that the current behavior (not HTML entity encoding) is correct and it is up to the developer to encode HTML entities, when appropriate. For instance you may want to use the view helper inside a <script> tag, where the HTML entities would be uncalled for.