Flow - lightweight fast template engine using Split twice

/

Technique 2 β€” Building a Lightweight Template Engine (Using Split Twice)

Take this example (using a handle-bar stil syntax)

ABC {{def}} GHI {{jkl}} MN

Using a dictionary (Compose)

{
  "def": "fish 🐟",
  "jkl": "chips 🍟"
}

We want to build a mini-template engine.
Now you might think - ah ok, let’s get some variables in here.

But John really dislikes variables in fact most of these flow hacks are how to not use variables. So how do you do this without variables?

1. Split on {{

split(outputs('Compose'), '{{')

result 

[ 
  "ABC ",
  "def}} GHI ",
  "jkl}} MN"
]

2. Split each on }}

inside each item, split again

split(item(),'}}')

So now our original string becomes either:
["ABC "]

or

["def"," GHI "]

Recap, combine step 1 and 2

Select:
  from: split(outputs('Compose'), '{{')
  item: split(item(), '}}')

3. Conditional replacement using dictionary lookup

if(
  equals(length(item()),2),
  concat(
    outputs('Dictionary')?[item()?[0]],
    item()?[1]
  ),
  item()?[0]
)

Hidden insight

So the trick is this. If the row has 2 elements, that means the first element is a token, the rest is the remainder. If the row has only 1 element - then just return that.

[
  item()[0],
  dictionary[item()[0]] item()[1],
  dictionary[item()[0]] item()[1]
]
==>
[
  "ABC",
  "fish 🐟 GHI",
  "chips 🍟 MN"
]

If you want your dictionary lookup to be case insensitive, you can add toLower() to wrap around item()?[0]

4. Join it all together

join(body('Select'),'')

Result

ABC fish 🐟 GHI chips 🍟 MN

No loops.
No apply-to-each.
No regex.
No variables.
Super fast zero-second action.

This technique lets you:

  • Build dynamic email templates

  • Create server-side HTML rendering logic

  • Replace merge fields safely

  • Do token replacement in Dataverse text

  • Build dynamic document generators

All using standard Power Automate expressions.

Flow - character replace pattern with chunk()

/

Hi, it’s 5am, I can’t sleep, I had these two Flow ideas that are really cool.

First is a super fun trick with

  • chunk()

  • Select

  • join()

  • coalesce()

No loops.
No variables.

First problem - string character replacement - safe HTML normaliser

Let’s start with this string

Test <b>HTML</b> & special chars: < > & " '
Name: O'Brien

Now imagine this text is:

  • coming from Dataverse

  • pasted by a user

  • generated by AI

  • injected into HTML email

  • rendered inside a PDF

If you don’t escape it properly… things break.

We want to safely replace:

Character Replace With
< &lt;
> &gt;
" &quot;
' ’ (optional smart quote)

Power Automate doesn’t give us a multi-replace expression. You’ve probably done this type of replace-replace before

replace(
      replace(
        replace(
          replace(
            replace(
              string(outputs('Compose')),
              '&','&amp;'
            ),
            '<','&lt;'
          ),
          '>','&gt;'
        ),
        '"','&quot;'
      ),
      '''','&#39;'
    )

So the clever hack I have is this:

1. Use chunk to break string into char array

chunk(outputs('Compose'),1)

2. Use Select action to map this array with a formula that replaces certain characters

Select
from: 
  chunk(outputs('Compose'),1)
select: 
  coalesce(
    if(equals(item(),'&'),'&amp;',null),
    if(equals(item(),'<'),'&lt;',null),
    if(equals(item(),'>'),'&gt;',null),
    if(equals(item(),'"'),'&quot;',null),
    if(equals(item(),''''),'’',null),
    item(),
    null
  )

We are testing each character in order:

  1. If < β†’ return &lt;

  2. If > β†’ return &gt;

  3. If " β†’ return &quot;

  4. If ' β†’ return ’

  5. Otherwise β†’ return original character

coalesce() returns the first non-null value.

3. join it back together

join(body('Select'),'')

Why not just use Replace?

You could chain:

replace(replace(replace(...)))

But:

  • It becomes unreadable fast

  • Order matters (you can double-encode)

  • It doesn’t scale well

  • It’s painful to debug

Using chunk() + Select():

  • You see exactly what happens per character

  • It’s safe

  • It’s predictable

  • It’s extensible

It’s basically a mini parsing engine.

The Hidden Insight

The real trick isn’t escaping characters.
The trick is this:

Turn string β†’ array β†’ transform β†’ join.

Once you realise Select is a map function…

Flow Studio DevLog: reported for phishing and woes of Cloudflare

/

This is a quick blog post, but also REALLY IMPORTANT, concerning Flow Studio App (flowstudio.app) - the main, root URL.

What’s happening right now

Right now, if you navigate to the root url flowstudio.app, you’ll get a really scary looking warning page from CloudFlare.

You can prove you are a human, and click Ignore & Proceed. Then you can still use Flow Studio App without any issues. But… most people will hold back and think wait what’s going on.

What is the root cause

flowstudio.app is the root of our website and saas app. There is Javascript code in the Angular web application that says: if you have logged in before, and you return, but your login has expired, then redirect you to re-login (via Microsoft). It happens really fast, so the user must have thought hmm I click flowstudio.app but it immediately redirected me to login with my Microsoft Account. 😱 This must be phishing.

So we got reported, a false report, but still a report. We were reported on 04 September 2025. That’s a whole two weeks ago!

The report is only affects our root page: https://flowstudio.app
It doesn’t affect other pages: https://dev.flowstudio.app or https://powerstudio.app (these are all fine because there’s really nothing wrong with the Angular app).

How to blame CloudFlare without blaming CloudFlare

The company that gives free CDN and DNS routing, and saves me gigabytes of cached data, is also the one that takes away.

Their support, at least on the free or lower-end tiers, are non-existent. I’ve submitted for a review within the week, but so far, I’ve not heard back, and the scary warning remained. Their reputation on reddit around support is awful, so I’m not holding my breath.

Flow Studio’s google ranking has tanked and visitor is now null.
Ouch!

What we are going to do about this

First, we have moved the app to a separate subdomain, previously we have:

https://dev.flowstudio.app (this has always been our dev branch which doesn’t have the warning)
We are now adding https://prod.flowstudio.app which is where the App will live from now on.

Second, we will deploy a static Azure Static Web App for https://flowstudio.app which will link to our various product tiers and offerings. Initially, this will mirror a basic version of the previous Flow Studio home page, but over time we’ll improve the design separately.

Third, for now, CloudFlare still has to manage the various DNS subrecords, but we won’t use CloudFlare to Proxy (and CDN) our https://flowstudio.app home page. Which will allow us to control our landing experience again.


You’ll see some web updates through this weekend. Thank you for your support and please feel free to reach out if you see any unexpected results or issues.

About: The old trigger URL will stop working on November 30, 2025

/

Starting in August 2025, we’ve begun to see this warning a lot in our Power Automate flows that uses HTTP Request (or Team Webhook) triggers.

β€œThe old trigger URL will stop working on November 30, 2025. Your tools that use this flow WILL break unless you update them with the new URL.”

The old url uses the logic app domain: 

https://*.logic.azure.com/workflows/{flow-name}/triggers/manual/paths/invoke

The new URL uses a largely undocumented api.powerplatform.com domain. 

https://{environment-name}.environment.api.powerplatform.com/powerautomate/automations/direct/workflows/{flow-name}/triggers/manual/paths/invoke

Why New URL?

The NEW URL looks to be more future proof and ties the invoke URL to the environment and flow name within Power Platform, rather than the underlying logic apps infrastructure.

Microsoft’s documentation is here: Changes to HTTP or Teams Webhook trigger flows

Flow Studio new feature: Flow (Request) Report

To help with updating these URLs, we decide to put in a special View and Report for this in Flow Studio. Here, we are doing 4 things:

  • This report shows flows that use the "When an HTTP request is received" trigger. These flows can be triggered externally via HTTP requests, making them suitable for integration scenarios.

  • First we do a scan of all the environments and find all your flows that use this trigger. This may take a few minutes depending on the number of environments and flows.

  • Then for each flow we will need to check the flow definition to extract the old and new request URL and method.

  • We also need to check the flow's run history to see if it has been triggered recently. This will help us identify active flows.

We present this in a quick table for you to browse, but also provide an Export to Excel functionality so you can decide how you want to tackle the list.

Permissions

Because of the API access we need to read definition and trigger callback URL, this is not a scan we can do at the admin level - it has to be the owner of the flows.

You can find this new feature in our dev build:
https://dev.flowstudio.app

Diff Mode in Flow Studio

/

We are happy to introduce a new feature update in Flow Studio app. β€œDiff Mode”

  • Navigate to Diff on the left hand side.

  • Use the top dropdowns to select your environment, flow and (optionally) version. Hit β€œLoad”

  • You can use Monaco (VS Code) editor to copy Flow definition differences to the right hand side.

  • The left hand side is always read-only.

  • Clicking β€œSave” will save the right hand side flow definition.

This is a feature previously hidden in β€œSnapshots” and β€œDiff” flow. But that experience only lets you compare between the flow and its previous versions. The new experience also let you compare a flow between two different environments. So if you have Dev, Test and Prod environments with unmanaged solutions - you may need this to keep your flows in sync.

Do test this out in https://dev.flowstudio.app v1.3.58 for now and give us your feedback. We’ll aim to push this to production build within 1 week.

Thank you for supporting Flow Studio App