Reserved characters was missing the ';'. See uriReserved on page 88 of the ECMAScript Language Specification, version 3.
The part about encodeURI being dangerous when register_globals is on is misleading. Having register_globals on increases your chances of writing exploitable code regardless of whether you use encodeURI or not since the attacker can always handcraft the request. The actual problem of incorrectly using encodeURI is that it breaks legimate requests. Aapo Laitinen 02:45, 19 December 2005 (PST)