Currently, the API doesn't encode values containing XML special characters.
Given these values are always likely to be plain-text, it would seem to be useful to automatically escape these values. Or provide an option in the default setup in the documentation. There doesn't seem to be a down-side, and I imagine this would be the expected behaviour and currently it can generate hard to track down bugs (400 Bad Request errors).
Currently, the API doesn't encode values containing XML special characters.
Given these values are always likely to be plain-text, it would seem to be useful to automatically escape these values. Or provide an option in the default setup in the documentation. There doesn't seem to be a down-side, and I imagine this would be the expected behaviour and currently it can generate hard to track down bugs (400 Bad Request errors).