Customers have requested the ability to un-escape and escape XML within policy to be used in requests to be sent through to back-end services or returned in responses to the client.
A REST service returns XML which may be invalid. Furthermore, it may contain CDATA elements. This service needs to be called as a SOAP service and the original response to be embedded in the SOAP response message.
As CDATA cannot be nested, the simple option of wrapping it all with CDATA will not work. As the source response is known to be sometimes malformed, XSL cannot be used.
Therefore the only option is escaping the special character.
This can be accomplished by converting certain characters (" ' < > &) to the escaped representation ('" ' < > &') and back again through regular expressions. A policy has been attached to this knowledge base article which outlines how it can be used in a simple example.
A feature enhancement has been logged to add this functionality to Encode/Decode Assertion.