In the class: org.apache.wicket.protocol.http.WicketURLDecoder there are two IllegalArgumentException which should be wrapped in WicketRuntimeException, otherwise they are caught by the exception handler form the servlet container (jetty, tomcat, ...) which then uses their http 500 error code configuration instead of the exception handling of wicket.
Wrapping them would be good for consistency and help manage runtime exceptions.
These are the two exceptions:
throw new IllegalArgumentException("URLDecoder: Incomplete trailing escape (%) pattern");
throw new IllegalArgumentException("URLDecoder: Illegal hex characters in escape (%) pattern - " + e.getMessage());