When searching for a null character \0 (encoded in HTML as %00 in the q query parameter) in Kagi Maps, the server returns a 500 error. This might allow someone to pass other invalid data in the query URL. I'm not sure how problematic that could be, and I only tested the null character, but there may be more unexplored cases, so it might be worth it adding validation for this parameter.
How to reproduce
What should occur
The backend should throw an HTTP 400 error and sanitize the input.
