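I have an OData endpoint that filters on the client's first name and last name to check whether the entity exists. The problem occurs when a user uses the ' character in the name string, which breaks the OData URI parser. My test string would be
http://localhost.com/Clients?$filter=FirstName eq 'test'20001' and LastName eq 'test20001'
My stack trace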
{
"error": {
"code": "",
"message": "The query specified in the URI is not valid. There is an unterminated string literal at position 23 in 'FirstName eq 'test20001'.",
"innererror": {
"message": "There is an unterminated string literal at position 23 in 'FirstName eq 'test20001'.",
"type": "Microsoft.OData.ODataException",
"stacktrace": " at Microsoft.OData.UriParser.ExpressionLexer.NextToken()\r\n at Microsoft.OData.UriParser.UriQueryExpressionParser.ParseComparison()\r\n at Microsoft.OData.UriParser.UriQueryExpressionParser.ParseLogicalAnd()\r\n at Microsoft.OData.UriParser.UriQueryExpressionParser.ParseLogicalOr()\r\n at Microsoft.OData.UriParser.UriQueryExpressionParser.ParseExpression()\r\n at Microsoft.OData.UriParser.UriQueryExpressionParser.ParseExpressionText(String expressionText)\r\n at Microsoft.OData.UriParser.ODataQueryOptionParser.ParseFilterImplementation(String filter, ODataUriParserConfiguration configuration, ODataPathInfo odataPathInfo)\r\n at Microsoft.OData.UriParser.ODataQueryOptionParser.ParseFilter()\r\n at System.Web.OData.Query.FilterQueryOption.get_FilterClause()\r\n at System.Web.OData.Query.Validators.FilterQueryValidator.Validate(FilterQueryOption filterQueryOption, ODataValidationSettings settings)\r\n at System.Web.OData.Query.FilterQueryOption.Validate(ODataValidationSettings validationSettings)\r\n at System.Web.OData.Query.Validators.ODataQueryValidator.Validate(ODataQueryOptions options, ODataValidationSettings validationSettings)\r\n at System.Web.OData.Query.ODataQueryOptions.Validate(ODataValidationSettings validationSettings)\r\n at System.Web.OData.EnableQueryAttribute.ValidateQuery(HttpRequestMessage request, ODataQueryOptions queryOptions)\r\n at System.Web.OData.EnableQueryAttribute.ExecuteQuery(Object response, HttpRequestMessage request, HttpActionDescriptor actionDescriptor, ODataQueryContext queryContext)\r\n at System.Web.OData.EnableQueryAttribute.OnActionExecuted(HttpActionExecutedContext actionExecutedContext)"
}
}
}
Answer 0 (score: 0)
Here is how I solved it
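// Build the filter; the value is escaped before it is placed between the quotes
var filter = '$filter=FirstName eq \'' + escapeString(self.selectedClient().FirstName()) + '\'';

function escapeString(string) {
    // OData escapes a single quote inside a string literal by doubling it
    string = string.replace(/'/g, '\'\'');
    // Percent-encode & so it is not read as a query-string separator
    string = string.replace(/&/g, '%26');
    return string;
}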
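The escaping in the answer above, generalized as an added example that is not part of the original post: it doubles quotes for the OData literal, then percent-encodes the whole filter so that `#`, `+`, `%` and spaces are handled as well as `&`, which keeps a user-supplied name inside its string literal. The function names are hypothetical, and `readStringLiterals` is a simplified stand-in for the server's lexer, not Microsoft.OData code.

```javascript
// OData string literals are delimited by single quotes; an embedded quote is written twice.
function odataStringLiteral(value) {
  return "'" + String(value).replace(/'/g, "''") + "'";
}

// Build the full request URL from untrusted name values (hypothetical helper).
function buildClientFilterUrl(baseUrl, firstName, lastName) {
  const filter = 'FirstName eq ' + odataStringLiteral(firstName) +
                 ' and LastName eq ' + odataStringLiteral(lastName);
  // encodeURIComponent covers &, #, +, % and spaces but leaves ' untouched, so encode it too.
  return baseUrl + '?$filter=' + encodeURIComponent(filter).replace(/'/g, '%27');
}

// Recover the filter text as the server sees it after URL decoding.
function filterFromUrl(url) {
  return decodeURIComponent(url.slice(url.indexOf('$filter=') + '$filter='.length));
}

// Simplified reader: returns the decoded value of every string literal in a filter,
// or throws in the same situation the parser reports as "unterminated string literal".
function readStringLiterals(filter) {
  const values = [];
  let i = 0;
  while (i < filter.length) {
    if (filter[i] !== "'") { i++; continue; }
    let value = '';
    i++; // skip the opening quote
    for (;;) {
      if (i >= filter.length) {
        throw new Error('unterminated string literal at position ' + i);
      }
      if (filter[i] === "'") {
        if (filter[i + 1] === "'") { value += "'"; i += 2; continue; } // doubled quote
        i++; // closing quote
        break;
      }
      value += filter[i++];
    }
    values.push(value);
  }
  return values;
}

// Constructed sample input: the name from the question plus one with URL-special characters.
const sampleUrl = buildClientFilterUrl('http://localhost.com/Clients', "test'20001", 'A&B #1+2');
console.log(sampleUrl);
console.log(readStringLiterals(filterFromUrl(sampleUrl)));
```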