fix: address Copilot PR review feedback

- _odata_str_literal now percent-encodes URL-reserved characters (%, #, ?, &)
  by delegating to build_url_friendly_object_name. Previously a name_pattern
  like 'Sales & Marketing' would corrupt the URL query string at &$filter=.

- get_elements_dataframe trio-filter path now forwards **kwargs to
  get_element_names so request-level options (timeout, cancel_at_timeout,
  async_requests_mode) reach the REST call, matching the rest of the method.

Added unit tests covering both behaviors.

Author: RobbyMeyers

TM1py/Services/ElementService.py

@@ -36,6 +36,7 @@
     CaseAndSpaceInsensitiveSet,
     CaseAndSpaceInsensitiveTuplesDict,
     build_element_unique_names,
+    build_url_friendly_object_name,
     dimension_hierarchy_element_tuple_from_unique_name,
     format_url,
     require_data_admin,
@@ -463,6 +464,7 @@ def get_elements_dataframe(
                     element_type=element_type,
                     name_pattern=name_pattern,
                     level=level,
+                    **kwargs,
                 )
                 if resolved:
                     elements = (
@@ -1882,8 +1884,16 @@ def _coerce_element_types(value) -> List[int]:
 
 
 def _odata_str_literal(s: str) -> str:
-    """Wrap a string in single quotes, doubling embedded single quotes per OData spec."""
-    return "'" + s.replace("'", "''") + "'"
+    """Wrap a string in single quotes for use inside an OData $filter clause that
+    will be appended raw to a URL query string.
+
+    Doubles embedded single quotes per the OData spec AND percent-encodes
+    URL-reserved characters ('%', '#', '?', '&') so that user-supplied values
+    containing those chars don't corrupt the query string. Delegates the escaping
+    to ``build_url_friendly_object_name`` to stay aligned with the rest of the
+    codebase's URL-construction convention.
+    """
+    return "'" + build_url_friendly_object_name(s) + "'"
 
 
 def _normalize_for_match(s: str) -> str:

Tests/ElementService_filtering_helpers_test.py

@@ -1,7 +1,13 @@
 import unittest
+from unittest.mock import MagicMock, patch
 
 from TM1py.Objects import Element
-from TM1py.Services.ElementService import _build_elements_filter, _coerce_element_types
+from TM1py.Services.ElementService import (
+    ElementService,
+    _build_elements_filter,
+    _coerce_element_types,
+    _odata_str_literal,
+)
 
 
 class TestCoerceElementTypes(unittest.TestCase):
@@ -227,5 +233,74 @@ def test_level_bool_raises(self):
             _build_elements_filter(None, None, True)
 
 
+class TestOdataStrLiteralUrlSafety(unittest.TestCase):
+    """The filter clause is concatenated raw into the URL query string
+    (url += '&$filter=' + clause), so any string literal inside it must
+    percent-encode URL-reserved characters (&, %, #, ?) — not just escape
+    OData single quotes. Otherwise an element name like 'Sales & Marketing'
+    would prematurely terminate $filter and corrupt the query."""
+
+    NAME_EXPR = "tolower(replace(Name,' ',''))"
+
+    def test_literal_url_escapes_ampersand(self):
+        self.assertEqual(_odata_str_literal("a&b"), "'a%26b'")
+
+    def test_literal_url_escapes_percent(self):
+        self.assertEqual(_odata_str_literal("a%b"), "'a%25b'")
+
+    def test_literal_url_escapes_hash(self):
+        self.assertEqual(_odata_str_literal("a#b"), "'a%23b'")
+
+    def test_literal_url_escapes_question_mark(self):
+        self.assertEqual(_odata_str_literal("a?b"), "'a%3Fb'")
+
+    def test_literal_still_escapes_single_quote(self):
+        # OData spec requires doubling embedded single quotes; the URL fix
+        # must not regress this.
+        self.assertEqual(_odata_str_literal("O'Brien"), "'O''Brien'")
+
+    def test_pattern_with_ampersand_produces_url_safe_filter(self):
+        # The bug: 'Sales & Marketing' would emit a raw '&' that splits the
+        # query string at &$filter= and creates a phantom '$filter' param.
+        result = _build_elements_filter(None, "*Sales & Marketing*", None)
+        self.assertNotIn("&", result)
+        self.assertIn("%26", result)
+        self.assertEqual(result, f"contains({self.NAME_EXPR},'sales%26marketing')")
+
+
+class TestGetElementsDataFrameForwardsKwargs(unittest.TestCase):
+    """Regression: in the trio-filter branch of get_elements_dataframe, the
+    internal call to get_element_names previously dropped **kwargs, silently
+    discarding request-level options (timeout, cancel_at_timeout,
+    async_requests_mode) that the rest of the method forwards consistently."""
+
+    def test_trio_path_forwards_kwargs_to_get_element_names(self):
+        service = ElementService.__new__(ElementService)
+        service._rest = MagicMock()
+
+        sentinel = RuntimeError("__stop__")
+        recorded = {}
+
+        def fake_get_element_names(*args, **kwargs):
+            recorded["kwargs"] = kwargs
+            raise sentinel
+
+        with patch.object(service, "get_element_names", side_effect=fake_get_element_names):
+            with self.assertRaises(RuntimeError) as ctx:
+                service.get_elements_dataframe(
+                    dimension_name="d",
+                    hierarchy_name="h",
+                    name_pattern="foo*",
+                    timeout=42,
+                    cancel_at_timeout=True,
+                    async_requests_mode=True,
+                )
+            self.assertIs(ctx.exception, sentinel)
+
+        self.assertEqual(recorded["kwargs"].get("timeout"), 42)
+        self.assertEqual(recorded["kwargs"].get("cancel_at_timeout"), True)
+        self.assertEqual(recorded["kwargs"].get("async_requests_mode"), True)
+
+
 if __name__ == "__main__":
     unittest.main()