When creating a SOAP request with an AssignMessage policy, very often I need to insert {variables} that may have special characters (like <, > or &) in the <Payload > section, with the purpose to create a valid XML (SOAP request).

For example:

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<AssignMessage async="false" continueOnError="false" enabled="true" name="build-soap-request">
    <DisplayName>Build getSubcriberInfo SOAP Request</DisplayName>
    <Add>
        <Headers>
            <Header name="SOAPAction">getSubcriberInfo</Header>
        </Headers>
    </Add>
    <Set>
        <Payload contentType="text/xml; charset=utf-8">
            <soapenv:Envelope
                xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
                xmlns:ups="http://www.company.com/Upselling/">
                <soapenv:Header>
                </soapenv:Header>
                <soapenv:Body>
                    <ups:getSubcriberInfo>
                        <customer>{inputs.customer}</customer>
                    </ups:getSubcriberInfo>
                </soapenv:Body>
            </soapenv:Envelope>
        </Payload>
        <Verb>POST</Verb>
        <Path>/Company/GetSubscriberInfo/V1</Path>
    </Set>
    <IgnoreUnresolvedVariables>false</IgnoreUnresolvedVariables>
    <AssignTo createNew="false" transport="http" type="request"/>
</AssignMessage>

In the example above, the variable {inputs.customer} was Extracted from a Query Parameter, so it may contain special characters.

If that's the case, the above Payload will be an invalid XML document and therefor the SOAP request will fail.

or worse... the {inputs.customer} can be a way to inject XML into the payload for malicious purposes.

Is there an easy way to properly encode the variable to XML before inserting into the Payload?