While I get that:
1. URLs must be escaped within HTML
2. The initial scheme/host portions of a URL (up to but not including the path) may need to be visually escaped to avoid deceptive links which look like another domain is being referenced.
3. The browser has a standard by which upon transmission, the path must be escaped as well
... it is very cumbersome for links with international characters in the paths or hash to be visually escaped, e.g., if one is pointing to say a Russian or Chinese wiki article. These sequences can also get quite long as well as being unreadable to most.
I would suggest that URLs avoid URL-encoding (as opposed to HTML-encoding which of course remains necessary to avoid XSS) the path + hash portion of URLs.
Please sign in to leave a comment.