Index: src/OFDictionary.m
==================================================================
--- src/OFDictionary.m
+++ src/OFDictionary.m
@@ -584,13 +584,15 @@
 		if OF_UNLIKELY (first)
 			first = false;
 		else
 			[ret appendString: @"&"];
 
-		[ret appendString: [[key description] stringByURLEncoding]];
+		[ret appendString: [[key description]
+		    stringByURLEncodingWithAllowedCharacters: "-._~!$'()*+,;"]];
 		[ret appendString: @"="];
-		[ret appendString: [[object description] stringByURLEncoding]];
+		[ret appendString: [[object description]
+		    stringByURLEncodingWithAllowedCharacters: "-._~!$'()*+,;"]];
 	}
 
 	[ret makeImmutable];
 
 	objc_autoreleasePoolPop(pool);

Index: src/OFString+URLEncoding.m
==================================================================
--- src/OFString+URLEncoding.m
+++ src/OFString+URLEncoding.m
@@ -28,11 +28,12 @@
 int _OFString_URLEncoding_reference;
 
 @implementation OFString (URLEncoding)
 - (OFString *)stringByURLEncoding
 {
-	return [self stringByURLEncodingWithAllowedCharacters: "$-_.!*()"];
+	return [self stringByURLEncodingWithAllowedCharacters:
+	    "-._~!$&'()*+,;="];
 }
 
 - (OFString *)stringByURLEncodingWithAllowedCharacters: (const char *)allowed
 {
 	void *pool = objc_autoreleasePoolPush();
@@ -51,15 +52,10 @@
 		    ([self UTF8StringLength] * 3) + 1];
 
 	for (i = 0; *string != '\0'; string++) {
 		unsigned char c = *string;
 
-		/*
-		 * '+' is also listed in RFC 1738, however, '+' is sometimes
-		 * interpreted as space in HTTP. Therefore always escape it to
-		 * make sure it's always interpreted correctly.
-		 */
 		if (of_ascii_isalnum(c) || strchr(allowed, c) != NULL)
 			retCString[i++] = c;
 		else {
 			unsigned char high, low;
 

Index: tests/OFStringTests.m
==================================================================
--- tests/OFStringTests.m
+++ tests/OFStringTests.m
@@ -781,12 +781,12 @@
 	TEST(@"-[SHA512Hash]", [[C(@"asdfoobar") SHA512Hash] isEqual:
 	    @"0464c427da158b02161bb44a3090bbfc594611ef6a53603640454b56412a9247c"
 	    @"3579a329e53a5dc74676b106755e3394f9454a2d42273242615d32f80437d61"])
 
 	TEST(@"-[stringByURLEncoding]",
-	    [[C(@"foo\"ba'_~$") stringByURLEncoding]
-	    isEqual: @"foo%22ba%27_%7E$"])
+	    [[C(@"foo\"ba'_~$]") stringByURLEncoding]
+	    isEqual: @"foo%22ba'_~$%5D"])
 
 	TEST(@"-[stringByURLDecoding]",
 	    [[C(@"foo%20bar%22+%24") stringByURLDecoding]
 	    isEqual: @"foo bar\"+$"])