1

Resolved

Internal server error due to unescaped XML entities

description

The Xrm.DupDetect.checkForDuplicatesRequest(...) function does not escape entity attribute values, which results in invalid XML being generated and sent to the server, which then responds with internal error (exception). String attribute values can contain XML entities (&, <, >) and must be escaped, for example via _xmlEncode function in SDK.Metadata library or CrmEncodeDecode.CrmXmlEncode(...):
case "Lookup":
    ...
    attributesXml.push("<a:Name>" + CrmEncodeDecode.CrmXmlEncode(value[0].name) + "</a:Name></c:value>");
    break;
...
default:
    ...
    attributesXml.push(" xmlns:d=\"http://www.w3.org/2001/XMLSchema\">" + CrmEncodeDecode.CrmXmlEncode(value) + "</c:value>");

comments

JLattimer wrote Feb 13, 2014 at 3:17 AM

Fixed in v1.0.1.0 - thanks!

wrote Feb 13, 2014 at 3:18 AM