Comment

Peter Bengtsson

So as long as I always bundle the key and value with a = in between I'm safe.

Parent comment

Boris Zbarsky

It really depends on what you have in that attribute. If you have href="?something&=whatever" you run into a problem if you don't escape the '&'. If you have href="?something& whatever" you also run into a problem. Or if you have href="?something&,something" for that matter. So if you know for a fact that the thing after your maybe-entity-name is an equals char, you're probably OK. Otherwise, likely not.

Replies

Boris Zbarsky

Not if the unquoted thing is in the value. "?something=&amp&" behaves identically to "?something=&&".

Not to mention the fact that, of course, the unquoted '&' will terminate the key-value pair.
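An added example, not part of the comments above: one way to avoid depending on which character follows the '&' is to percent-encode each key and value and then HTML-escape the whole URL before writing it into the attribute. The function names here are hypothetical, the sample strings are taken from the thread, and the checker only looks for a syntactically terminated reference (name or number plus ';'), not whether the name is a real entity.

```javascript
// Escape text for placement inside a double-quoted HTML attribute.
function escapeAttr(s) {
  return String(s)
    .replace(/&/g, "&amp;")   // must run first so later entities are not re-escaped
    .replace(/"/g, "&quot;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;");
}

// Build an href value: percent-encode keys and values, join pairs with '&',
// then escape the result for the attribute context.
function buildHref(path, params) {
  const qs = Object.entries(params)
    .map(([k, v]) => encodeURIComponent(k) + "=" + encodeURIComponent(v))
    .join("&");
  return escapeAttr(qs ? path + "?" + qs : path);
}

// Return the offsets of every '&' in an attribute value that is not the start
// of a reference terminated by ';'. These are the ampersands whose meaning
// depends on the character that follows them.
function bareAmpersands(attrValue) {
  const re = /&(?!(?:[A-Za-z][A-Za-z0-9]*|#[0-9]+|#[xX][0-9A-Fa-f]+);)/g;
  const offsets = [];
  let m;
  while ((m = re.exec(attrValue)) !== null) offsets.push(m.index);
  return offsets;
}

// Constructed input: a value containing '&' and a key named like an entity.
const safe = buildHref("/search", { q: "a&b", copy: "1" });
console.log(safe);                                   // /search?q=a%26b&amp;copy=1
console.log(bareAmpersands(safe));                   // []
console.log(bareAmpersands("?something&=whatever")); // [ 10 ]
console.log(bareAmpersands("?something=&amp&"));     // [ 11, 15 ]
```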