Layer7 API Management

  • Private Community
 View Only

  • 1.  How better can I escape XML special chars from the context variable value?

    Broadcom Employee
    Posted Dec 21, 2015 05:13 AM

    Using CA API Gateway assertions, I would like to escape special chars (>, <, &, ...) from my context variable values. If my data arrives as JSON, JSON to XML transformation does take care of the same. But, what if the URI and Query Parameters hold my partial input containing all these special chars. I cannot use them as it is inside the XML message. I could expect there's something similar to Encode/Decore Data assertion to do this job.

     

    thanks,

    Raju



  • 2.  Re: How better can I escape XML special chars from the context variable value?

    Posted Dec 21, 2015 09:41 AM

    Hey Raju,

    I believe what you're looking for is the 'encode/decode Data' assertion using the 'URL Encode' Encoding Type.

     

    Encode___Decode_Data_Properties_and_Layer_7_Policy_Manager.png



  • 3.  Re: How better can I escape XML special chars from the context variable value?

    Broadcom Employee
    Posted Dec 21, 2015 11:21 PM

    I appreciate your time. But I don't think this will fit my scenario. We can use this assertion if the data to be sent/received via URL. What if the destination is BODY and the format is XML. We cannot encode the data using URL encoding rules.

     

    thanks,

    Raju



  • 4.  Re: How better can I escape XML special chars from the context variable value?

    Posted Dec 22, 2015 09:55 AM
      |   view attached

    Here's an example of using regular expression assertions to escape XML (policy export attached):

     

    Attachment(s)

    zip
    Escaping XML.xml.zip   1 KB 1 version


  • 5.  Re: How better can I escape XML special chars from the context variable value?

    Broadcom Employee
    Posted Dec 23, 2015 12:07 AM

    Thanks for the reply. It is surprising to me that we have no native support (single assertion which does the job) yet to such an obvious scenario. Wouldn't be good idea to have separate assertion for the same? For performance reasons, would you recommend to have custom assertion in place of these series of REGEX assertions? I think I'm asking too (2) many questions.

     

    thanks,

    Raju



  • 6.  Re: How better can I escape XML special chars from the context variable value?

    Posted Dec 23, 2015 09:14 AM

    I agree that it would be nice if our existing Encode/Decode Data assertion included XML escaping, though surprisingly, XML escaping has not been a common requirement across customers in the many years that I've been working with the gateway. I suggest you submit that idea to the community, so it can be added as an enhancement request to our roadmap.

     

    Regarding using a custom assertion instead, it's doubtful that you would see much, if any, performance improvement versus the handful of simple regular expression assertions. It's not likely that it would justify the additional complexity of creating and managing a custom assertion in your environment. Frankly, while custom assertions are a really neat way to extend your gateway, they're almost never needed and are rarely a good alternative to policy, policy fragments and encapsulated assertions. It's my opinion that it's not appropriate to use a custom assertion in this case, but you may want to consider creating an encapsulated assertion that wraps the sample policy shared above.



  • 7.  Re: How better can I escape XML special chars from the context variable value?

    Broadcom Employee
    Posted Dec 28, 2015 01:36 AM

    Thanks for your valuable directions on it. I would definitely consider alternative (encapsulated) first to the custom assertions.