What is the issue with the URL Standard?

In this document:

https://url.spec.whatwg.org/#concept-basic-url-parser

Item 3 says:

Remove all ASCII tab or newline from input.

After this it proceeds to describe how different parsing states should be processed and in host state/hostname state it states that a bad host should result in a parsing termination error (points 3 and 4):

Let host be the result of host parsing buffer with url is not special.

If host is failure, then return failure.

In host parsing, it says that a forbidden code point should terminate parsing:

If asciiDomain contains a forbidden domain code point, domain-invalid-code-point validation error, return failure.

Finally, forbidden host code point includes tab as an invalid character, which should fail URL parsing or a manufactured host name will be produced.

This ordering of stripping all tabs from a URL and then not allowing tabs in host names prevents host names from being validated properly (i.e. invalid characters are removed before they can be evaluated).

This has an immediate effect on some of the current libraries. For example Python's urlsplit will take abc<tab>xyz.test and will manufacture a host name abcxyz.test, which happens because they remove tabs from the URL, before having a chance to validate the host name.