Thanks for sharing your question.I shared your inquiry with our seller support team. If you haven't done so already, please contact the team at firstname.lastname@example.org for assistance.
Ariba Exchange Community Manager
I heard back from the Commerce Assistance team. Here's the guidance that they offered, courtesy of the Ariba Catalog team:
When a PunchOut website embeds the PunchOutOrderMessage in the cXML-urlencoded, hidden form field, it must ensure that special Extensible Markup Language (XML) and Hypertext Markup Language (HTML) characters are properly encoded for the multiple layers of transport. The preferred alternative for this specialized encoding utilizes the Base64-encoded hidden field, which additionally supports extended characters that the cXML-urlencoded field does not.
In the PunchOutOrderMessage, encode these characters:
- " -> " (This needs encoding because the PunchOutOrderMessage is embedded inside the input cXML-urlencoded attribute's value. An actual quotation mark indicates the value's end to the browser.)
- & -> &amp; (This character, both a special XML character and a special HTML character, must be double-encoded. The browser actually POSTS this to its destination as &, the correct encoding for an ampersand in a cXML document.)
Additionally, if any of the element content contains angle brackets (less than or greater than ("<" or ">")), escape these as well:
- < -> &lt;
- > -> &gt;
Both of these special XML and HTML characters are double-encoded. For example, if a product description is: "2" x 4" pine board, < 0.02" deviation (red & white)," the cXML-urlencoded field would look like this within the HTML source:
<Description xml:lang="en">2" x 4" pine board, &lt; 0.02" deviation (red &amp; white)</Description>
However, using the Base64-encoded field, rather than the cXML-urlencoded field is preferred, since Base64-encoded data does not need any HTML special characters escaped.
If you need further assistance, contact the Commerce Assistance team and asked to have your inquiry escalated to Technical Support.