In 1.19.5, we handle most of these cases by configuring tomcat to allow certain characters to be unescaped in the URL.
https://github.com/FusionAuth/fusionauth-issues/issues/635
So an upgrade is the most straightforward way to handle this.
If you are proxying FusionAuth (behind something like nginx) you could also capture and hide any 500 errors: https://stackoverflow.com/questions/8715064/nginx-not-serving-my-error-page/8715597#8715597.