When I use url helper to generate url for route with query params and then add that url to link href, validator warns me, that there is unescaped & in attribute:
<a href="/users/?order=asc&by=userId">▲</a>
I tried to search but still I'm not sure who is responsible for escaping that.
I couldn't find any clue how to decide this and if fill an issue with zf2 about this.
EDIT: html/php code from paginator
<a href="<?php echo $this->url($this->route, [], ['query' => array_merge($this->query, ['page' => $this->first])]) ?>"><<</a>
generates html
<a href="/rates?page=1&order=desc&by=dateValid"><<</a>
and from what I found it should be
<a href="/rates?page=1&order=desc&by=dateValid"><<</a>
I would argue that the current behavior (not HTML entity encoding) is correct and it is up to the developer to encode HTML entities, when appropriate.
For instance you may want to use the view helper inside a <script>
tag, where the HTML entities would be uncalled for.