See http://www.ietf.org/rfc/rfc1738.txt :
“Thus, only alphanumerics, the special characters "$-_.+!*'(),", and reserved characters used for their reserved purposes may be used unencoded within a URL.”
The characters “/” and “&” and “?” are such reserved characters which is why they may be seen in many URLs.
Within the scheme-specific portion of a URL, the characters “;”, “/”, “?”, “:”, “@”, “=” and “&” may be used encoded for special purposes. Normally, you see the URL decoded from Punycode and with special characters also decoded.
You need to understand http://www.ietf.org/rfc/rfc1738.txt totally and also http://tools.ietf.org/html/rfc3492 . The URL you usually see has usually already been partially or completely unencoded which is why you often see characters supposedly not allowed.
See http://www.w3schools.com/TAGS/ref_urlencode.asp for basic URL encoding for the disallowed ASCII characters that allows them to appear in unencoded URLs which is what you see in your URL window.