diff --git a/Parsedown.php b/Parsedown.php
index 47484d8..67eec34 100755
--- a/Parsedown.php
+++ b/Parsedown.php
@@ -550,15 +550,17 @@ class Parsedown
 		{
 			foreach ($matches as $matches)
 			{
+				$url = $this->escape_special_characters($matches[4]);
+				
 				if ($matches[1]) # image 
 				{
-					$element = '<img alt="'.$matches[3].'" src="'.$matches[4].'">';
+					$element = '<img alt="'.$matches[3].'" src="'.$url.'">';
 				}
-				else 
+				else
 				{
 					$element_text = $this->parse_inline_elements($matches[3]);
 					
-					$element = '<a href="'.$matches[4].'">'.$element_text.'</a>';
+					$element = '<a href="'.$url.'">'.$element_text.'</a>';
 				}
 				
 				# ~ 
@@ -588,6 +590,7 @@ class Parsedown
 				if (isset($this->reference_map[$link_definition]))
 				{
 					$url = $this->reference_map[$link_definition];
+					$url = $this->escape_special_characters($url);
 					
 					if ($matches[1]) # image 
 					{
@@ -613,13 +616,17 @@ class Parsedown
 			}
 		}
 		
+		# Automatic Links 
+		
 		if (strpos($text, '<') !== FALSE and preg_match_all('/<((https?|ftp|dict):[^\^\s]+?)>/i', $text, $matches, PREG_SET_ORDER))
 		{
 			foreach ($matches as $matches)
 			{
+				$url = $this->escape_special_characters($matches[1]);
+				
 				$element = '<a href=":href">:text</a>';
-				$element = str_replace(':text', $matches[1], $element);
-				$element = str_replace(':href', $matches[1], $element);
+				$element = str_replace(':text', $url, $element);
+				$element = str_replace(':href', $url, $element);
 				
 				# ~ 
 				
@@ -633,6 +640,12 @@ class Parsedown
 			}
 		}
 		
+		# ~ 
+		
+		$text = $this->escape_special_characters($text);
+
+		# ~ 
+		
 		if (strpos($text, '_') !== FALSE)
 		{
 			$text = preg_replace('/__(?=\S)(.+?)(?<=\S)__/', '<strong>$1</strong>', $text);
@@ -649,5 +662,13 @@ class Parsedown
 		
 		return $text;
 	}
-}
-
+	
+	private function escape_special_characters($text)
+	{
+		strpos($text, '&') !== FALSE and $text = preg_replace('/&(?!#?\w+;)/', '&amp;', $text);
+		
+		$text = str_replace('<', '&lt;', $text);
+		
+		return $text;
+	}
+}
\ No newline at end of file
diff --git a/tests/data/special_characters.html b/tests/data/special_characters.html
new file mode 100644
index 0000000..4ee8994
--- /dev/null
+++ b/tests/data/special_characters.html
@@ -0,0 +1,8 @@
+<p>AT&amp;T has an ampersand in their name.</p>
+<p>AT&amp;T is another way to write it.</p>
+<p>This &amp; that.</p>
+<p>4 &lt; 5 and 6 > 5.</p>
+<p>Here's a <a href="http://example.com/?foo=1&amp;bar=2">link</a> with an ampersand in the URL.</p>
+<p>Here's an inline <a href="/script?foo=1&amp;bar=2">link</a>.</p>
+<hr />
+<p>Based on <a href="http://daringfireball.net/projects/downloads/MarkdownTest_1.0.zip">the original</a> test suite.</p>
\ No newline at end of file
diff --git a/tests/data/special_characters.md b/tests/data/special_characters.md
new file mode 100644
index 0000000..7fae287
--- /dev/null
+++ b/tests/data/special_characters.md
@@ -0,0 +1,17 @@
+AT&T has an ampersand in their name.
+
+AT&amp;T is another way to write it.
+
+This & that.
+
+4 < 5 and 6 > 5.
+
+Here's a [link] [1] with an ampersand in the URL.
+
+Here's an inline [link](/script?foo=1&bar=2).
+
+[1]: http://example.com/?foo=1&bar=2
+
+---
+
+Based on [the original](http://daringfireball.net/projects/downloads/MarkdownTest_1.0.zip) test suite.
\ No newline at end of file