Man... dealing with & (ampersands) in SOA, web services, XML, and REST sucks. Dealing with special characters in general sucks-having to figure out if the product or tool is escaping/encoding them for you or not.

Recently, I had to update my BPEL process to replace every occurrence of & in the input and replace it with %26%26.

The problem is, here's how the Receive activity in my SOA instance looked like. Clearly it's telling me that the Name element is coming in with the data Assessment & Authorization:

While this is true, what the console doesn't tell you is that though the input indeed came in as Assessment & Authorization, BPEL automatically encodes the ampersand, so the data in my instance was actually Assessment & Authorization.

It's just that when it gets displayed on a web console, the browser renders it as &.

This put me on a multi-day troubleshooting effort, all because I thought I was manipulating & instead of & in my data.

Moral of the story, be cautious about what you see on a web console when it comes to special characters!