The purpose of escaping characters is that they will not be treated as arguments. That way, you really don't want to encode the entire URL, just the values ββyou pass through the request. For instance:
http://example.com/?parameter1=<ENCODED VALUE>¶meter2=<ENCODED VALUE>
The URL you provide is a valid URL that will pass validation. However, the browser interprets the & characters as the gap between the parameters in querystring. So your request:
?q=whatever&lang=en
It will actually be translated by the receiver as two parameters:
q = "whatever" lang = "en"
For your URL to work, you just need to make sure your values ββare encoded:
?q=<ENCODED VALUE>&lang=<ENCODED VALUE>
Change The general problems page from the connected W3C talks about extreme cases when URLs are displayed in html and & is text that can be interpreted as an entity reference (for example, © ). Here is a test in jsfiddle showing the url:
http://jsfiddle.net/YjPHA/1/
In Chrome and FireFox, links work correctly, but IE displays © as & copy;, breaking the link. I have to admit that I never had a problem with this in the wild (this would only affect entity references that don't need a semicolon, which is a pretty small subset).
To keep you safe from this error, you can encode the HTML code of any of your URLs that you are viewing on the page, and everything should be in order. If you are using ASP.NET, a method HttpUtility.HtmlEncode should work fine.