Visual Builder table item url is not properly escaped when the {{key}} contains pound sign.

[danroot]

Kibana version:
6.1.3

Elasticsearch version:
6.1.3

Server OS version:
Linux 3.10.0-693.17.1.el7.x86_64

Browser version:
Chrome

Browser OS version:
Windows

Original install method (e.g. download page, yum, from source, etc.):
yum

Describe the bug:
Visual Builder table item url is not properly escaped when the {{key}} contains pound sign.

Steps to reproduce:

1. Visual Builder -> Table -> Group By some keyword field. In this example, exception.Message
2. Panel Options -> Item Url -> Some url with {{key}}. For example, a saved search where the search is replaced by {{key}}. In this example, https://kibana.somewhere.com/app/kibana#/discover/9dd592a0-bc08-11e8-86d6-af6384bc71f5?_g=(refreshInterval:(display:Off,pause:!f,value:0),time:(from:now-4h,mode:quick,to:now))&_a=(columns:!(exception.ClassName,exception.Message,useragent,environment,c-ip),filters:!(),index:a0e0d050-12a2-11e8-88fc-f9ef6870dc6b,interval:auto,query:(language:lucene,query:'exception.Message:%22{{key}}%22'),sort:!('@timestamp',desc))
3. Ensure some data has a pound sign (#), and some does not. In this example, some rows have exception.Message of "Error #123: some description" other rows have exception.Message of "Some error without a pound sign"
4. Save visual.
5. Click link without pound sign. Observe link works as expected. If using a saved search, it is filtered as expected.
6. Click link with pound sign. Observe link is not properly escaped. If using a saved search an error "unable to parse URL" is shown.

Expected behavior:
Expected behavior is that {{key}} is escaped correctly and works whether or not there is a pound sign. One solution would be some function to escape it. Documentation indicates {{#url}}{{key}}{{/url}} should escape it, but this does not work in this context, giving an error that url is not valid.

[tylersmalley]

@elastic/kibana-app

[Bleacks]

Hello @danroot, have you found a way to format url using mustache in the "Item URL" field ?

I'm sorry to update such an old post, but I'm struggling with the same issue, and I couldn't find a way to get around it.

[MaffooClock]

This problem also exists in the TSVB visualization in v7.4.0

[flash1293]

Depending on where the value is used, this can also happen if there’s an exclamation mark or quote in the value. The best option to fix it I can see is to register a custom helper for url-encoding the key in case it’s used in such a way in the url (https://handlebarsjs.com/guide/#custom-helpers) I don’t think we can just do this by default because it would break cases where the full key is the url (or the domain) of the drilldown which works fine today.