URL parser does unwanted transformations of URL
When parsing an URL, in additional to transformations that are specified by standard (https://www.ietf.org/rfc/rfc2396.txt), IRI parser makes attempt to do transformations of XML entities, like """ and "&". This is not correct, because XML and HTML entities are part of XML/HTML standard and not part of URL standard.
From my point of view, part of code that works with HTML entities should be removed from URL parser, because such unwanted behaviour might be the reason of vulnerabilities in different software systems.
Edited by saur0n