The encoding is done as preventive measure against XSS attacks. I am not sure if we should let single quotes pass through in URL as it is a rare edge case. Thoughts?
We should follow the spec here with our encoding. Technically I think we got to allow stuff like ( and ) through cause wikipedia can use that. Even & is allowed according to spec eg: https://en.wikipedia.org/wiki/&
Works fine (even though ' isn’t percent encoded per the spec). I’m not aware of a situation where HTML entities should be used anywhere in a URL, even in query params.