Comment 27 for bug 1659124

I'm neutral on adding '<' and '>' as allowed options.

I think '"' is in the same category. i.e. there is the risk that unexpected reverse proxy behaviour will trigger a CVE-2016-6816 like issue, no parsing issues and likelihood of breakage if the URL is used in HTML or similar without escaping.