
Merge Syntax not HTML-escaping in page include query string

  • July 11, 2024

I’m passing a name field into a query string used on a page include, and the page fails to load when the name contains the % sign.

According to Skuid documentation on merge syntax, using double-braces should HTML-escape the data in the merge, so using % in the merge field it should spit out &percnt instead or something similar.

We can work around this by guiding users not to use the % sign in their record naming, but seems like this is a bug that could be fixed. 


Jack,
As far as I can tell, we don’t HTML-escape the % sign, since it doesn’t really bear significance in HTML like the &, <, >, and " characters do (i.e., there’s not a risk of XSS with including this character in a field value and not HTML-escaping it). However, it sounds like you are hitting an issue with loading a page include where the record name contains the % character, right?

I believe I’m seeing the same issue as you, and think this is an issue with URL-encoding/decoding (not HTML escaping)… specifically, with how Skuid is trying to URL-encode/decode that value. To provide a little more info here, do you mind sharing the query string that you’re using for your Page Include?
Thanks,
Emily


snap={{$Model.SnapInclude.data.0.Snapshot_Name__c}}

which resolves to:
snap=Risk Adjustment % PVD 2019-06-03

and in the console shows up as:
https://c.cs65.visual.force.com/apex/include?snap=Risk%20Adjustment%20%%20PVD%202019-06-03&isinc…

It looks like the URL code for a space is %20 

I can change it to pass a record id and query the model for the record name, but I’m not needing to query the model for any other reason, we just use the text from the name for display on the page include, so it’d be faster to not have to query. 


Jack, have you tried using {{#urlEncode}} function? That function is specifically designed for passing non-URL-safe merge data into URLs, like you’re doing here.

snap={{#urlEncode}}{{$Model.SnapInclude.data.0.Snapshot_Name__c}}{{/urlEncode}}


That works! Thanks so much. 
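
Added example, not part of the original thread and not Skuid's code: a JavaScript sketch of why HTML-escaping leaves the snapshot name untouched while the query string still breaks, and what percent-encoding the value changes. The function names and the "Discount%20Tier" sample are assumptions made up for illustration; the other two strings are copied from the posts above.

```javascript
// HTML-escaping covers the characters that are significant in markup
// (&, <, >, "). The % sign is not one of them, so it passes through.
function htmlEscape(s) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;" };
  return s.replace(/[&<>"]/g, (c) => map[c]);
}

// Strict percent-decoding of one query-string value. A "%" that is not
// followed by two hex digits is malformed and is reported, not thrown.
function tryDecode(component) {
  try {
    return { ok: true, value: decodeURIComponent(component) };
  } catch (e) {
    return { ok: false, error: e.name };
  }
}

// Build "param=value" with the value percent-encoded, so a literal "%"
// becomes "%25" and can no longer be read as the start of an escape.
function buildQuery(param, value) {
  return param + "=" + encodeURIComponent(value);
}

// Record name and observed query value, both taken from the thread.
const snapName = "Risk Adjustment % PVD 2019-06-03";
const observed = "Risk%20Adjustment%20%%20PVD%202019-06-03";
// Constructed sample: a record name that literally contains "%20".
const lookalike = "Discount%20Tier";

console.log(htmlEscape(snapName) === snapName); // HTML-escaping changes nothing
console.log(tryDecode(observed));               // malformed: "%%2" is not an escape
console.log(buildQuery("snap", snapName));      // "%" is sent as "%25"
console.log(tryDecode(lookalike));              // decodes cleanly to a different name
console.log(tryDecode(encodeURIComponent(lookalike)).value === lookalike);
```

The constructed "Discount%20Tier" case is the quieter failure: without encoding, the value decodes without error but no longer matches the stored record name.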
