They need to be percent-encoded: > encodeURIComponent('&') "%26" So in your case, the URL would look like: http://www.mysite.com?candy_name=M%26M