bug: Linkify incorrectly parses query params starting with "&para"

[filak]

• Python Version: 3.10.4
• Bleach Version: 5.0.0

To Reproduce

from bleach import Linker
linker = Linker()
text = 'http://test.com?a=1&par=1&parameterA=2'
print(linker.linkify(text))
## prints:   <a href="http://test.com?a=1&amp;par=1¶meterA=2" rel="nofollow">http://test.com?a=1&amp;par=1¶meterA=2</a>

Expected behavior

## prints:   <a href="http://test.com?a=1&amp;par=1&amp;parameterA=2" rel="nofollow">http://test.com?a=1&amp;par=1&amp;parameterA=2</a>

Additional context

I believe this might happen somewhere in the html5lib_shim.py / BleachHTMLSerializer class:

bleach/bleach/html5lib_shim.py

Line 661 in ed06d4e

class BleachHTMLSerializer(HTMLSerializer):

[willkg]

&para is being consumed as an entity. We fixed this in clean and I think we need to fix linkify in a similar way.

[filak]

There are more entities with the same effect, ie. &not &reg :

from bleach import Linker
linker = Linker()
text = 'http://test.com?a=1&notify=1&register=2'
print(linker.linkify(text))
## prints:   <a href="http://test.com?a=1¬ify=1®ister=2" rel="nofollow">http://test.com?a=1¬ify=1®ister=2</a>

[jvanasco]

Adding for context:

This is related to #294 . The W3C calls this "fragile syntax".

IIRC, prior to the HTML5 spec the trailing semicolon for named references was NOT required, but it has been required since then. (see "Errors involving fragile syntax constructs" in the original https://dev.w3.org/html5/spec-LC/Overview.html and the current https://html.spec.whatwg.org/#syntax-errors )