diff --git a/tas-upload-sarif/action.yml b/tas-upload-sarif/action.yml
index 53e7362..5d04e1d 100644
--- a/tas-upload-sarif/action.yml
+++ b/tas-upload-sarif/action.yml
@@ -1,23 +1,23 @@
-name: 'TAS Upload SARIF'
-description: 'Upload a SARIF report to TAS (Tea Advanced Security) and fail the job if gating returns allowed: false'
+name: "TAS Upload SARIF"
+description: "Upload a SARIF report to TAS (Tea Advanced Security) and fail the job if gating returns allowed: false"
 inputs:
 tas-base-url:
- description: 'Base URL of the TAS API (e.g. https://tas.example.com)'
+ description: "Base URL of the TAS API (e.g. https://tas.example.com)"
 required: true
 sarif-file:
- description: 'Path to the SARIF report file (JSON)'
+ description: "Path to the SARIF report file (JSON)"
 required: true
 owner:
- description: 'Repository owner (default: GitHub repository owner)'
+ description: "Repository owner (default: GitHub repository owner)"
 required: false
 repo:
- description: 'Repository name (default: GitHub repository name)'
+ description: "Repository name (default: GitHub repository name)"
 required: false
 branch:
- description: 'Branch name (default: current ref name, e.g. main)'
+ description: "Branch name (default: current ref name, e.g. main)"
 required: false
 runs:
- using: 'composite'
+ using: "composite"
 steps:
 - name: Upload SARIF to TAS and gate
 shell: bash
@@ -29,7 +29,10 @@ runs:
 SARIF_FILE: ${{ inputs.sarif-file }}
 run: |
 BASE_URL="${BASE_URL%/}"
- URL="${BASE_URL}/repos/${OWNER}/${REPO}/branches/${BRANCH}/reports"
+ OWNER_ENC=$(jq -rn --arg x "$OWNER" '$x | @uri')
+ REPO_ENC=$(jq -rn --arg x "$REPO" '$x | @uri')
+ BRANCH_ENC=$(jq -rn --arg x "$BRANCH" '$x | @uri')
+ URL="${BASE_URL}/repos/${OWNER_ENC}/${REPO_ENC}/branches/${BRANCH_ENC}/reports"
 echo "Uploading SARIF to TAS: $URL"
 if [[ ! -f "$SARIF_FILE" ]]; then
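Review bot: The `@uri` filter used for the three added `*_ENC` assignments in the second hunk percent-encodes reserved characters but leaves `.` as it is, so an `owner`, `repo` or `branch` value of `.`, `..` or the empty string still reaches `URL` as a dot or empty path segment. An HTTP client or proxy may normalise such a segment, so the report could be posted to a different API path than the one intended. A guard before `URL` is built would reject those values, for example `[[ -n "$BRANCH" && "$BRANCH" != "." && "$BRANCH" != ".." ]] || { echo "::error::invalid branch"; exit 1; }`, repeated for `OWNER` and `REPO`. The step also now depends on `jq` being present on the runner, which the visible lines do not check; the `run` script continues past the end of the hunk, so this may be handled further down.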