diff --git a/src/Http/RequestFactory.php b/src/Http/RequestFactory.php
index 7752654e..0e7792ab 100644
--- a/src/Http/RequestFactory.php
+++ b/src/Http/RequestFactory.php
@@ -100,7 +100,10 @@ public function createHttpRequest()
 
 		// normalized url
 		$url->canonicalize();
-		$url->setPath(Strings::fixEncoding($url->getPath()));
+
+		if (preg_match(self::NONCHARS, $url->getPath()) || preg_last_error()) {
+			throw new InvalidRequestException(); // TODO!
+		}
 
 		// detect script path
 		if (isset($_SERVER['SCRIPT_NAME'])) {