OK, I have noticed recently a lot of folks getting tripped up on sending outbound SOAP messages, particularly in the Business Rules (BR) and other scripts they are writing to post successfully an outbound message. I think part of the problem is to stop using the deprecated setParameter('name', 'value') function.
If you are writing a script that sends an outbound SOAP message you are probably familiar with this code:
var s = new SOAPMessage('SOAPName', 'SOAPFunction');
s.setParameter(name, value);
var response = s.post();
The problem with that code is it doesn't escape XML specific characters or handle custom XML strings. What we should be doing is the following:
var s = new SOAPMessage('SOAPName', 'SOAPFunction');
s.setStringParameter(name, value);
var response = s.post();
The setStringParameter calls Packages.org.apache.commons.lang.StringEscapeUtils.escapeXml(value); to remove any XML specific characters before setting that value.
The setXMLParameter(name, value) sets a literal XML value for a specific field in the SOAP Envelope. There is no escaping here. I will not talk about this one much because John has already posted a pretty good blog here: http://www.john-james-andersen.com/blog/service-now/inserting-xml-into-servicenows-soapmessage-object.html
So the moral of my story is stop using setParameter(name, value) and start using setStringParameter(name, value). Happy coding everyone. Cheers.
