- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎09-05-2019 07:12 AM
setStringParameter() vs setStringParameterNoEscape() what is difference? what is the individual use, pros and cons ?
Solved! Go to Solution.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎09-06-2019 12:01 AM
Hi Mallikharjuna,
both have their own uses
setStringParameter() -> to set simple string values such as sys_created_by which won't have special characters
XML reserved characters in the value are converted to the equivalent escaped characters.
setStringParameterNoEscape() -> to set work notes etc where end user can enter special character and in case you want to send that special character as it is without escaping
It does not escape XML reserved characters.
XML reserved characters are:
>
<
&
%
Mark Correct if this solves your issue and also mark Helpful if you find my response worthy based on the impact.
Thanks
Ankur
Ankur
✨ Certified Technical Architect || ✨ 9x ServiceNow MVP || ✨ ServiceNow Community Leader
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎09-06-2019 12:01 AM
Hi Mallikharjuna,
both have their own uses
setStringParameter() -> to set simple string values such as sys_created_by which won't have special characters
XML reserved characters in the value are converted to the equivalent escaped characters.
setStringParameterNoEscape() -> to set work notes etc where end user can enter special character and in case you want to send that special character as it is without escaping
It does not escape XML reserved characters.
XML reserved characters are:
>
<
&
%
Mark Correct if this solves your issue and also mark Helpful if you find my response worthy based on the impact.
Thanks
Ankur
Ankur
✨ Certified Technical Architect || ✨ 9x ServiceNow MVP || ✨ ServiceNow Community Leader
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎09-06-2019 12:05 AM
Hello
setStringParameter() :
Set a REST message function variable with the specified name from the REST message record to the specified value.
XML reserved characters in the value are converted to the equivalent escaped characters. Use setStringParameterNoEscape to set a variable without escaping XML reserved characters.
setStringParameterNoEscape()
Set a REST message function variable with the specified name from the REST message record to the specified value.
This method is equivalent to setStringParameter but does not escape XML reserved characters.
For detailed Information:
https://developer.servicenow.com/app.do#!/api_doc?v=kingston&id=r_RMV2-setStrParamNoEscape_S_S
Please mark as Correct Answer/Helpful, if applicable.
Thanks!
Abhishek Gardade
Abhishek Gardade
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎05-20-2024 05:04 AM - edited ‎05-29-2024 10:35 AM
setStringParameter() automatically does XML escaping but this is not really appropriate for most JSON-based APIs. It is a hangover from when XML/SOAP APIs were the defacto standard and JSON APIs were newer and had not been widely adopted.
JSON API -> Almost always use setStringParameterNoEscape()
SOAP API -> Generally use setStringParameter() for string values unless the input string is already escaped in which case use setStringParameterNoEscape(). In my experience there are usually two reasons the string is already escaped:
the string was obtained from another system and already had the XML escaped.
the string to be sent will be computed before sending and will contain embedded XML Tags or Attributes that are intended to alter the payload structure (not just the values) - for example, if the payload comprises variable-length arrays or optional elements - then the required XML fragment may be passed inside of the string. Note that any values inserted between the computed tags or attribute values should still be XML-escaped in which case the 5 characters that should be escaped (depending on context) are:
<
&
>
'
"
Also see:
https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB0821441
https://stackoverflow.com/a/21758475
https://www.w3.org/TR/xml/#syntax
IMO a new RESTMessageV3 constructor should be provided with cleaner usage.