Hi takasibagura,
decodeURIComponent
is only part of the process that we're using to prevent XSS attacks, so we do not expect it to throw an exception in every error case. The examples that you've included aren't a problem because they can't be used to run arbitrary javascript in a user's browser.
We've discussed this matter internally and while we would like to offer support for non-UTF-8 character sets in the future, we don't feel that we can support them at this time without potentially reopening the vulnerability that this code fixed.