diff --git a/core/misc/active-link.js b/core/misc/active-link.js
index e3ca0e239a9abdd40816b1a0f2df96fc88771110..464e9a4044f0af4b7391edccd9ec48a623bfbe45 100644
--- a/core/misc/active-link.js
+++ b/core/misc/active-link.js
@@ -23,11 +23,11 @@
       // Start by finding all potentially active links.
       const path = drupalSettings.path;
       const queryString = JSON.stringify(path.currentQuery);
-      const querySelector = path.currentQuery
-        ? `[data-drupal-link-query='${queryString}']`
+      const querySelector = queryString
+        ? `[data-drupal-link-query="${CSS.escape(queryString)}"]`
         : ':not([data-drupal-link-query])';
       const originalSelectors = [
-        `[data-drupal-link-system-path="${path.currentPath}"]`,
+        `[data-drupal-link-system-path="${CSS.escape(path.currentPath)}"]`,
       ];
       let selectors;
 
diff --git a/core/modules/system/tests/src/FunctionalJavascript/ActiveLinkTest.php b/core/modules/system/tests/src/FunctionalJavascript/ActiveLinkTest.php
new file mode 100644
index 0000000000000000000000000000000000000000..5d2a2848aa04b88dc54d05b0f1eb69f687ccec14
--- /dev/null
+++ b/core/modules/system/tests/src/FunctionalJavascript/ActiveLinkTest.php
@@ -0,0 +1,33 @@
+<?php
+
+declare(strict_types=1);
+
+namespace Drupal\Tests\system\FunctionalJavascript;
+
+use Drupal\FunctionalJavascriptTests\WebDriverTestBase;
+
+/**
+ * Tests active link JS behavior.
+ *
+ * @see Drupal.behaviors.activeLinks
+ *
+ * @group system
+ */
+class ActiveLinkTest extends WebDriverTestBase {
+
+  /**
+   * {@inheritdoc}
+   */
+  protected $defaultTheme = 'stark';
+
+  /**
+   * Ensures no JS error is thrown with query strings containing special chars.
+   */
+  public function testQueryStringQuotes(): void {
+    $user = $this->createUser();
+    $this->drupalLogin($user);
+    $this->drupalGet($this->getSession()->getCurrentUrl(), ['query' => ['foo' => "\"'[](){}*+~>|\\/:;,.!@#$%^&-_=?<>"]]);
+    $this->failOnJavaScriptErrors();
+  }
+
+}