This is an archived snapshot of W3C's public bugzilla bug tracker, decommissioned in April 2019. Please see the home page for more details.
Reported by Björn Höhrmann: Hey, this is a FAQ and the validator does not do it any better than Joe Average? I first thought of an Aprils Fool... If a URI submitted for Validation contains a &, the Validator will not escape it (most of the time) on the results page, see e.g. http://validator.w3.org:8001/check?uri=http%3A%2F%2Fvalidator.w3.org%3A8001%2Fc heck%3Furi%3Dhttp%253A%252F%252Fwww.w3.org%252F%253F%2526foo (validation of validation of http://www.w3.org/&foo).
*** This bug has been marked as a duplicate of 62 ***
As Björn points out, these aren't really duplicates; they're two separate aspects of a similar general issue.
Ok, we now entity encode the validated URI before output.