When colon “:” and plus “+” is used with OData V4 request as part of a DateTimeOffset format parameter an OData V4 function, IIS 7.0+ rejects the request terming usage of “:” and “+” as invalid, since they are restricted characters in URL Path.
For example:
http://abkmr1213/abkmrorg/api/data/LocalTimeFromUtcTime(TimeZoneCode=4,UtcTime=2015-01-08T15:08:16.1512974+05:30) will cause parsing failure in IIS.
Also, if we fully encode all : as %3A, and all + as %2B, still IIS 7.0+ will fail while parsing %2B due to the default value of allowDoubleEscaping=false. %2B is double encoding of space, hence the parsing failure in : http://abkmr1213/abkmrorg/api/data/LocalTimeFromUtcTime(TimeZoneCode=4,UtcTime=2015-01-08T15%3A08%3A16.1512974%2B05:30)
As an alternative, it is possible to use function parameters in query options and make the call after fully escaping all ":" and "+" characters:-
http://abkmr1213/abkmrorg/api/data/LocalTimeFromUtcTime(TimeZoneCode=4,UtcTime=@utcTime)?@utcTime=2015-01-08T15%3A08%3A16.1512974%2B05:30
I would request that support be added in odata client libraries to encode DateTimeOffset function parameters as query options with URL encoding. Otherwise enabling the use of ":" and "+" within the URL opens up the IIS server to large security risks.
abkmr
All 3 comments
+1
mattjvan
on 20 May 2016
When will this be implemented? We currently have use for this functionality. :)
drMerf
on 27 Jun 2018
@drMerf What do you think to be implemented? Issue at client side https://github.com/OData/odata.net/issues/73?
xuzhg
on 27 Jun 2018
Related issues
sheam
·
3Comments
TehWardy
·
5Comments
LianwMS
·
5Comments
IgorWolbers
·
3Comments
LianwMS
·
3Comments
Most helpful comment
+1