setStringParameter() vs setStringParameterNoEscape() what is difference? what is the individual use, pros and cons ?

mallikharjunasw
Tera Contributor

setStringParameter() vs setStringParameterNoEscape() what is difference? what is the individual use, pros and cons ?

1 ACCEPTED SOLUTION

Ankur Bawiskar
Tera Patron
Tera Patron

Hi Mallikharjuna,

both have their own uses

setStringParameter() -> to set simple string values such as sys_created_by which won't have special characters

XML reserved characters in the value are converted to the equivalent escaped characters.

setStringParameterNoEscape() -> to set work notes etc where end user can enter special character and in case you want to send that special character as it is without escaping

It does not escape XML reserved characters.

XML reserved characters are: 

> 
<  
&
%  

Mark Correct if this solves your issue and also mark Helpful if you find my response worthy based on the impact.
Thanks
Ankur

Regards,
Ankur
✨ Certified Technical Architect  ||  ✨ 9x ServiceNow MVP  ||  ✨ ServiceNow Community Leader

View solution in original post

3 REPLIES 3

Ankur Bawiskar
Tera Patron
Tera Patron

Hi Mallikharjuna,

both have their own uses

setStringParameter() -> to set simple string values such as sys_created_by which won't have special characters

XML reserved characters in the value are converted to the equivalent escaped characters.

setStringParameterNoEscape() -> to set work notes etc where end user can enter special character and in case you want to send that special character as it is without escaping

It does not escape XML reserved characters.

XML reserved characters are: 

> 
<  
&
%  

Mark Correct if this solves your issue and also mark Helpful if you find my response worthy based on the impact.
Thanks
Ankur

Regards,
Ankur
✨ Certified Technical Architect  ||  ✨ 9x ServiceNow MVP  ||  ✨ ServiceNow Community Leader

AbhishekGardade
Giga Sage

Hello

setStringParameter() :

Set a REST message function variable with the specified name from the REST message record to the specified value.

XML reserved characters in the value are converted to the equivalent escaped characters. Use setStringParameterNoEscape to set a variable without escaping XML reserved characters.

 

setStringParameterNoEscape()

Set a REST message function variable with the specified name from the REST message record to the specified value.

This method is equivalent to setStringParameter but does not escape XML reserved characters.

For detailed Information:

https://developer.servicenow.com/app.do#!/api_doc?v=kingston&id=r_RMV2-setStrParamNoEscape_S_S

Please mark as Correct Answer/Helpful, if applicable.
Thanks!
Abhishek Gardade

Thank you,
Abhishek Gardade

Andy-L
Tera Contributor

setStringParameter() automatically does XML escaping but this is not really appropriate for most JSON-based APIs.  It is a hangover from when XML/SOAP APIs were the defacto standard and JSON APIs were newer and had not been widely adopted.

 

 

JSON API -> Almost always use setStringParameterNoEscape()

 

SOAP API -> Generally use setStringParameter() for string values unless the input string is already escaped in which case use setStringParameterNoEscape().  In my experience there are usually two reasons the string is already escaped:

the string was obtained from another system and already had the XML escaped. 

the string to be sent will be computed before sending and will contain embedded XML Tags or Attributes that are intended to alter the payload structure (not just the values) - for example, if the payload comprises variable-length arrays or optional elements - then the required XML fragment may be passed inside of the string. Note that any values inserted between the computed tags or attribute values should still be XML-escaped in which case the 5 characters that should be escaped (depending on context) are:  

< 
&
>
' 
"

 

Also see:

https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB0821441

https://stackoverflow.com/a/21758475

https://www.w3.org/TR/xml/#syntax

 

 

 

IMO a new RESTMessageV3 constructor should be provided with cleaner usage.