User input not URL-encoded in the "Ask a question" input Answered
There's the "enter your question" input box. The user input is added to the GET vars as "questionText", and the spaces are encoded as %20, but the ampersands and question marks are not. This results in the question being split up & ignored, and the remainder is interpreted as another querystring var. So typing in "What is this & that?" becomes "questionText=What%20is%20this%20&%20that?". The ampersands & question marks (and all other non-URL-safe characters) should be encoded.
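The splitting described in the report can be reproduced with the standard URL API. This is an added example, not part of the original post or the site's own code; the base URL and function names are assumptions, and `encodeURI()` is used only because it produces the same output the post quotes.

```javascript
// Added example. BASE and all function names are hypothetical placeholders.
const BASE = "https://example.test/ask";

// Matches the reported output: encodeURI() escapes spaces as %20 but leaves
// reserved characters such as & and ? untouched, since it is meant for
// whole URLs rather than single parameter values.
function buildBroken(question) {
  return BASE + "?questionText=" + encodeURI(question);
}

// encodeURIComponent() escapes every reserved character in the value,
// so & becomes %26 and ? becomes %3F.
function buildFixed(question) {
  return BASE + "?questionText=" + encodeURIComponent(question);
}

// URLSearchParams encodes the value itself (form style: space becomes "+").
function buildWithSearchParams(question) {
  const url = new URL(BASE);
  url.searchParams.set("questionText", question);
  return url.toString();
}

// Parse the query string the way a receiving endpoint would.
function parseQuery(urlString) {
  return Object.fromEntries(new URL(urlString).searchParams.entries());
}

// Constructed sample input, taken from the wording of the report.
const question = "What is this & that?";

for (const build of [buildBroken, buildFixed, buildWithSearchParams]) {
  const url = build(question);
  console.log(build.name, url, JSON.stringify(parseQuery(url)));
}
```

In the broken case the parser returns two parameters: `questionText` holding only "What is this " and a stray parameter named " that?" with an empty value.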