by ahoge 4087 days ago
The port number is supposed to be a 16-bit number though. So, anything above 65535 is malformed.

http://en.wikipedia.org/wiki/Port_%28computer_networking%29


Agreed that it's malformed. My point was more that I'm curious how many other libraries fail badly when confronted with an unexpectedly large port. It's the edge cases / "no-one would ever be silly enough to do that" that quite frequently lead to security issues =]
Yes, that's why I feel like this is more significant than a simple crash at first glance - no one would purposefully craft a 256+ unchecked character URL, unless they are being malicious, in which case they absolutely will craft a 256+ unchecked character URL.
URLs can definitely get rather long if they contain lots of query data, and the de facto limit seems to be around 2KB[1]. It's still not acceptable for such URLs to crash the browser though.

[1] http://stackoverflow.com/questions/417142/what-is-the-maximu...
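
An added example, not part of the thread and not taken from any library discussed in it: a strict port parser in C beside a naive one, showing how the out-of-range case raised above is either rejected or silently truncated. The function and enum names are hypothetical and the sample inputs are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Result codes (hypothetical names, added for illustration). */
enum port_status { PORT_OK = 0, PORT_EMPTY, PORT_NOT_DIGIT, PORT_OUT_OF_RANGE };

/*
 * Strictly parse the port component of a URL authority.
 * s/len: the bytes after ':' (need not be NUL-terminated).
 * Accepts only ASCII digits with a value in 0..65535, never reads past
 * len, and bails out before the accumulator can wrap on long input.
 */
enum port_status parse_port(const char *s, size_t len, uint16_t *out)
{
    uint32_t value = 0;

    if (s == NULL || out == NULL || len == 0)
        return PORT_EMPTY;
    for (size_t i = 0; i < len; i++) {
        if (s[i] < '0' || s[i] > '9')
            return PORT_NOT_DIGIT;        /* '+', '-', spaces, hex digits */
        value = value * 10 + (uint32_t)(s[i] - '0');
        if (value > 65535)
            return PORT_OUT_OF_RANGE;     /* does not fit in 16 bits */
    }
    *out = (uint16_t)value;
    return PORT_OK;
}

/* Naive variant for comparison: accumulates, then truncates to 16 bits. */
uint16_t naive_port(const char *s, size_t len)
{
    uint32_t value = 0;
    for (size_t i = 0; i < len; i++)
        value = value * 10 + (uint32_t)(s[i] - '0');
    return (uint16_t)value;               /* high bits silently dropped */
}

int main(void)
{
    /* Constructed sample inputs. */
    const char *samples[] = { "443", "65535", "65536", "65616", "+80", "" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        size_t n = strlen(samples[i]);
        uint16_t port = 0;
        int st = (int)parse_port(samples[i], n, &port);
        printf("\"%s\": strict status=%d port=%u, naive=%u\n",
               samples[i], st, (unsigned)port, (unsigned)naive_port(samples[i], n));
    }
    return 0;
}
```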