Throw if raw_value contains an AdCP macro token. The encoder
output is already safe from second-round expansion (braces become
%7B / %7D), so this is a defensive check for sellers who want
to fail-fast at catalog ingest rather than let suspicious values
propagate. Opt-in; callers that omit it accept the canonical
encode-and-move-on behavior shown by
nested-expansion-preserved-as-literal.
Strict RFC 3986 unreserved-whitelist percent-encoder. Only
ALPHA / DIGIT / "-" / "." / "_" / "~"pass through; every other byte is UTF-8 + percent-encoded with uppercase hex digits.The behavior intentionally differs from
encodeURIComponent, which leaves( ) * !unescaped — those are sub-delims, not unreserved, and leaving them raw fails theurl-scheme-injection-neutralizedvector when a value likejavascript:alert(0)substitutes into anhref-whole-value position.