The escape URL filter in HubL (HubSpot’s templating language) only escapes spaces ( ) in URLs but fails to encode other special characters (e.g., %, $, &, ?, #, +, etc.) as expected. This can lead to broken or malformed URLs when dynamic content contains reserved or unsafe characters.
The escape_url filter should fully URL-encode the string according to standard URL encoding rules (e.g., converting % to %25, $ to %24, spaces to %20 or +, etc.), similar to JavaScript’s encodeURIComponent() or other common URL encoding methods.
Currently, the filter only replaces spaces with %20 (or +), leaving other special characters unencoded. For example:
Input: {{ “sales%data$2024” | escape_url }}
Expected Output: sales%25data%242024
Actual Output: sales%data$2024
This causes issues when the URL is used in links or API calls where special characters must be escaped.
Impact:
Broken links or redirects when URLs contain unescaped special characters.
Inconsistent behavior compared to other templating systems or standard URL encoding.
Proposed Fix:
Update the escape filter to fully URL-encode all reserved/unsafe characters, not just spaces. Alternatively, introduce a new filter (e.g., url_encode or encode_uri_component) for stricter compliance with URL encoding standards.
