Is this code code vulnerable? windows.location.href usage [closed]

Currently developing a small module and wanted to check with experts whether its code is vulnerable or not. This is part of my internship.

When a button is clicked it opens an android application from its webpage. If the webpage is visited from desktop, it will just have a redirect link. When using mobile browser, it will open the application. Implemented HTML encoding that encodes special characters such as double quotes, <>

Is this below code is secure or will it lead to XSS or redirection kind of attacks?

NOTE: Randomvalue is alphanumeric and it is passed as a part of url upon clicking the button. All values are sample.

<body> <script> function redirect() {    window.location.href="intent://randomvalue#Intent;scheme=owasp;package=com.owasp.top10.vuln;end";  } $  (document).ready(setTimeout(function () {redirect()}, 300)); <script> <a id="open" href="javascript:redirect()"> Open Application</a>