In my example, I returned string ID as “Test 01”. The self-link looks like:
http://hongye2dev3/9cfe3174130842d5b5e43761cee4f566/StringPrimaryKeyType('Test%25201')
This url won't work with IIS7 with default settings. As it will blocks double encoding url for security reason.
The impact for this issue is that special characters like space in entity ID will block odata web host scenarios. User has to disable double encoding check to workaround it. So it should be in high impact.
Comments: The problem here is because we parse id as uri literal by ODataUrlBuilder which will encode the string the first time. We will put the encoded string to UrlHelper.Link and it will encode it twice.
http://hongye2dev3/9cfe3174130842d5b5e43761cee4f566/StringPrimaryKeyType('Test%25201')
This url won't work with IIS7 with default settings. As it will blocks double encoding url for security reason.
The impact for this issue is that special characters like space in entity ID will block odata web host scenarios. User has to disable double encoding check to workaround it. So it should be in high impact.
Comments: The problem here is because we parse id as uri literal by ODataUrlBuilder which will encode the string the first time. We will put the encoded string to UrlHelper.Link and it will encode it twice.