comrak operates by default in a "safe" mode of operation in which unsafe
content, such as arbitrary raw HTML or URLs with non-standard schemes, is not
permitted in the output. This matches the behaviour of the reference GFM
implementation, cmark-gfm.
Ampersands were not being correctly escaped in link targets, making it possible
to fashion unsafe URLs using schemes like data: by encoding them as HTML
entities: the scheme check did not see a dangerous scheme in the link
destination, but because the ampersand reached the rendered href unescaped, the
browser decoded the entity and obtained the dangerous scheme anyway. The intended
behaviour, demonstrated upstream, is that ampersands in link targets are escaped
and the encoded scheme is therefore harmless, but this behaviour was broken in
comrak.
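The following is an added illustration of this bug class, written for this page; it is not comrak's or cmark-gfm's code. It models a dangerous-scheme check of the kind the cmark family applies to a parsed link destination, a renderer that emits the href verbatim (the broken behaviour), a renderer that escapes `&` on output (the intended behaviour), and a minimal model of how a browser decodes character references in an attribute value. The function names, the safe-image exceptions in `is_dangerous_url`, and the constructed destination string `&#x6A;avascript:alert(1)` (assumed to have reached the renderer as literal text) are all assumptions of this example.

```rust
// Added example, not comrak's or cmark-gfm's code. All function names and the
// sample inputs below are constructed for illustration.

/// cmark-style dangerous-scheme test applied to the parsed link destination.
/// javascript:, vbscript:, file: and data: are rejected, except for a few
/// image data: URLs (an assumed allow-list, modelled on cmark-gfm's).
fn is_dangerous_url(url: &str) -> bool {
    let lower = url.trim_start().to_ascii_lowercase();
    if lower.starts_with("data:") {
        return !["data:image/png", "data:image/gif", "data:image/jpeg", "data:image/webp"]
            .iter()
            .any(|s| lower.starts_with(*s));
    }
    ["javascript:", "vbscript:", "file:"]
        .iter()
        .any(|s| lower.starts_with(*s))
}

/// Attribute escaping: `&` must become `&amp;` so the browser sees a literal
/// ampersand rather than the start of a character reference.
fn escape_href(url: &str) -> String {
    let mut out = String::with_capacity(url.len());
    for c in url.chars() {
        match c {
            '&' => out.push_str("&amp;"),
            '"' => out.push_str("&quot;"),
            '<' => out.push_str("&lt;"),
            '>' => out.push_str("&gt;"),
            _ => out.push(c),
        }
    }
    out
}

/// Broken renderer: the scheme check runs, but the href is emitted verbatim.
fn render_link_broken(dest: &str, text: &str) -> String {
    let href = if is_dangerous_url(dest) { "" } else { dest };
    format!("<a href=\"{}\">{}</a>", href, text)
}

/// Fixed renderer: same scheme check, but `&` is escaped on output.
fn render_link_fixed(dest: &str, text: &str) -> String {
    let href = if is_dangerous_url(dest) { String::new() } else { escape_href(dest) };
    format!("<a href=\"{}\">{}</a>", href, text)
}

/// Minimal model of a browser decoding an attribute value: `&amp;` and
/// numeric character references (`&#NN;`, `&#xHH;`) are decoded, anything
/// else is left as-is.
fn browser_decode_attr(value: &str) -> String {
    let mut out = String::new();
    let mut rest = value;
    while let Some(i) = rest.find('&') {
        out.push_str(&rest[..i]);
        let tail = &rest[i..];
        if let Some(end) = tail.find(';') {
            let body = &tail[1..end];
            let decoded = if body == "amp" {
                Some('&')
            } else if let Some(hex) = body
                .strip_prefix('#')
                .and_then(|b| b.strip_prefix(|c: char| c == 'x' || c == 'X'))
            {
                u32::from_str_radix(hex, 16).ok().and_then(char::from_u32)
            } else if let Some(dec) = body.strip_prefix('#') {
                dec.parse::<u32>().ok().and_then(char::from_u32)
            } else {
                None
            };
            if let Some(c) = decoded {
                out.push(c);
                rest = &tail[end + 1..];
                continue;
            }
        }
        // not a reference we decode: keep the '&' literally and move on
        out.push('&');
        rest = &tail[1..];
    }
    out.push_str(rest);
    out
}

/// The URL a browser would actually navigate to for a link produced by `render`.
fn effective_href(render: fn(&str, &str) -> String, dest: &str) -> String {
    let html = render(dest, "x");
    let start = html.find("href=\"").expect("renderer emits href") + 6;
    let end = html[start..].find('"').expect("closing quote") + start;
    browser_decode_attr(&html[start..end])
}

fn main() {
    // Constructed destination: the scheme is hidden behind a character reference.
    let dest = "&#x6A;avascript:alert(1)";
    println!("dangerous per check: {}", is_dangerous_url(dest));
    println!("broken renderer -> browser sees: {}", effective_href(render_link_broken, dest));
    println!("fixed renderer  -> browser sees: {}", effective_href(render_link_fixed, dest));
}
```

The check and the escaping have to agree: the check runs on the destination string, but the browser acts on the decoded attribute value, and only escaping `&` keeps those two views identical. Escaping does not break legitimate query strings, since the browser turns `&amp;` back into `&`.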