Details
- Bug
- Resolution: Fixed
- Minor
- COmanage Registry 3.1.0 (Hidden Gem)
Description
Enrollment flows allow passing a return parameter in the start URL, which supposedly is where the user is sent back to after completing the enrollment. This return parameter is supposed to be base64 encoded.
However, base64 encoding allows the backslash character in the encoded result. In such a case, the return parameter is parsed incompletely, as the backslash is used as a parameter-separator by Cake and/or the webserver.
URL-encoding the base64 encoded result does not work. Encoding it once or twice is interpreted by the webserver. Encoding it three times seems to result in the parameter being passed completely, but then it should be URL-decoded before being base64-decoded.
The exact number of encodings and decodings might be related to the exact webserver configuration, number of redirections, etc.
It would be best if a proper encoding algorithm were used, however none springs to mind. URL-encoding is not proper per se, as this is not part of the query parameter, but part of the URL path portion. An adjusted base64 encoding that replaces backslash with asterisk, ampersand or minus might do the trick, but that is not a standard.
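The truncation described above, reproduced as an added example (not COmanage code and not the fix that was applied to this issue). The standard base64 alphabet contains "+" and "/", while RFC 4648 section 5 defines a URL-safe alphabet that uses "-" and "_" instead. The `/start/return:<value>` path layout, the toy router and the return target are constructed for illustration.

```python
import base64
import re

# Constructed return target; its standard base64 form contains "/".
TARGET = b"/registry/home?co=2"
B64URL_RE = re.compile(r"[A-Za-z0-9_-]*")


def b64url_encode(data: bytes) -> str:
    """RFC 4648 section 5 alphabet, padding stripped so no '=' reaches the path."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(text: str) -> bytes:
    """Strict decode: refuse anything outside the URL-safe alphabet."""
    if not B64URL_RE.fullmatch(text) or len(text) % 4 == 1:
        raise ValueError("not base64url")
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def return_segment(path: str) -> str:
    """Toy router (assumption): split the path on '/' and read 'return:'."""
    for segment in path.split("/"):
        if segment.startswith("return:"):
            return segment[len("return:"):]
    raise KeyError("no return parameter")


def roundtrip_standard(target: bytes) -> bytes:
    """Standard base64 in the path: the value is cut at the first '/'."""
    path = "/start/return:" + base64.b64encode(target).decode("ascii")
    seen = return_segment(path)
    # Lenient decode of whatever survived path splitting.
    return base64.b64decode(seen + "=" * (-len(seen) % 4))


def roundtrip_urlsafe(target: bytes) -> bytes:
    """URL-safe base64 in the path: the value arrives as one segment."""
    path = "/start/return:" + b64url_encode(target)
    return b64url_decode(return_segment(path))


if __name__ == "__main__":
    print(base64.b64encode(TARGET).decode())  # standard form
    print(roundtrip_standard(TARGET))         # truncated target
    print(b64url_encode(TARGET))              # URL-safe form
    print(roundtrip_urlsafe(TARGET))          # full target
```

The strict decoder also rejects a value that was encoded with the standard alphabet, so a mismatch between the two sides fails visibly instead of redirecting to a truncated target.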
Issue Links
- is related to CO-2143 Authentication Events View returns permission denied (Resolved)