How do you avoid stripping a layer of escape encoding on javascript window.open?

For the first time in our site we have 开发者_开发知识库a link that has several layers of encoding that needs to be there in order to get through the company's authentication portal. When the user copies the target from the window.open function and pastes it in text editor, ditto on the target that shows up in the new window--when you compare the two, the one that shows up in the window has been stripped of one layer of encoding.

We've determined that this is happening on the client-sdie, but no one knows why or what to do to work around it. Is this a common problem? What are we missng?

Example: we have a javascript function:

function OpenStandardWindow(url, h, w)
{
    var t = (screen.height / 2) - (h / 2) - 75;
    var l = (screen.width / 2) - (w / 2);
    window.open(url,"_blank","height=" + h + ",width=" + w + ",top=" + t + ",left=" + l + ",resizable=yes,scrollbars=yes,status=yes,toolbar=yes,location=yes,menubar=yes");
}

which works great with URLs without escaped encoding.

but when a URL like this http://www.site.com/dispatcher?realm=example&BaseURL=%25253dhttps%2525253a%2525252f%2525252fexample.domain.com..etc.

what appears in the window is: http://www.site.com/dispatcher?realm=example&BaseURL=%253dhttps%25253a%25252f%25252fexample.domain.com

Notice that the new URL has lost a layer of escape encoding (i.e. '25').

Why is this happening?