s{(
   http://
   [^\]\})>\s]+         # Won't allow any of these.
   (?<=[a-zA-Z0-9/&=])  # Must end with one of these.
)}{
   '<a href="' .
   escape_html_value($1) .
   '">' .
   escape_html_text($1) .
   '</a>'
}xeg;

sub escape_html_value # Escapes at least: & => &amp;  " => &quot;
sub escape_html_text  # Escapes at least: & => &amp;  < => &lt;