fix: needs to be url encoded

Author: MathiasVDA

packages/yasqe/src/__tests__/share-test.ts

@@ -134,7 +134,7 @@ describe("Share Functionality", () => {
         '        "Accept" = "application/sparql-results+json"',
         "    }",
         '    ContentType = "application/x-www-form-urlencoded"',
-        '    Body = "query=$query"',
+        '    Body = "query=$([System.Net.WebUtility]::UrlEncode($query))"',
         '    OutFile = "sparql-generated.json"',
         "}",
         "",
@@ -145,7 +145,7 @@ describe("Share Functionality", () => {
       expect(psString).to.include('$query = @"');
       expect(psString).to.include('"@');
       expect(psString).to.include(query);
-      expect(psString).to.include('Body = "query=$query"');
+      expect(psString).to.include('Body = "query=$([System.Net.WebUtility]::UrlEncode($query))"');
       expect(psString).to.not.include('Body = "query=`$query"'); // Should NOT escape the variable
       expect(psString).to.include("sparql-generated");
     });

packages/yasqe/src/sparql.ts

@@ -546,15 +546,16 @@ export function getAsPowerShellString(yasqe: Yasqe, _config?: Config["requestCon
     }
 
     // Build the body with the query variable and any other parameters
-    // Note: We don't escape the variable reference itself, only the other args
+    // The query must be URL-encoded for application/x-www-form-urlencoded
     let bodyExpression: string;
+    const urlEncodeExpr = `[System.Net.WebUtility]::UrlEncode($${queryParamName})`;
     if (queryParam && Object.keys(otherArgs).length > 0) {
       // Both query variable and other args
       const otherArgsString = queryString.stringify(otherArgs);
-      bodyExpression = `"${queryParamName}=$${queryParamName}&${escapePowerShellString(otherArgsString)}"`;
+      bodyExpression = `"${queryParamName}=$(${urlEncodeExpr})&${escapePowerShellString(otherArgsString)}"`;
     } else if (queryParam) {
-      // Only query variable
-      bodyExpression = `"${queryParamName}=$${queryParamName}"`;
+      // Only query variable - use subexpression for URL encoding
+      bodyExpression = `"${queryParamName}=$(${urlEncodeExpr})"`;
     } else {
       // Only other args (shouldn't happen, but handle it)
       const otherArgsString = queryString.stringify(otherArgs);