In the Syntax help the href-parameters are not escaped, causing bare &
in the href attr. (It is only the html-macro that fixes this afterwards via clean="true" ...)
So this is currently not a problem, but it might create a problem if someone messes with e.g. the $extraParams in the code; better escape it manually.