Forced to do CGI::unescape, an alternative?

Hi, I have a server/client related question.

I’m using a mobile client to update some records on the app using xml.
Now, when using the browser interface we can use forms and the content
is: Content-Type: application/x-www-form-urlencoded, the server side
decodes that automatically.

With the client side I use Content-Type= [text/xml]. However I was just
sending the xml data without escaping characters like &. The result was
that cgi was failing.

To correct that problem I use
EscapeUtils::EscapeEncodeL(*body,EscapeUtils::EEscapeUrlEncoded); That
is Symbian and escapes the reserved characters in a URL
;/?:@&=+$[]!’()~. It is applied to the entire xml

Then from the server side I do:
string = CGI::unescape(params[:message][:subject])

My questions are is:

1- Is this the right approach?
2- Is there a way to do the same without having to decode “manually” at
server side?

Thanks

On 10 Sep 2008, at 07:02, comopasta Gr wrote:

sending the xml data without escaping characters like &. The result

My questions are is:

1- Is this the right approach?.
No. You should be encoding xml entities as the standard says you
should (ie & becomes & < becomes < and > becomes > and so on)

Fred