HTML character escaping

It is possible to enable the escaping of certain characters for a number of KKEngIf API calls. Currently the API calls are :

The characters that are escaped can be defined in the konakart.properties file:

konakart.escape.chars = [\":&quot;][':&#39;][&:&amp;][<:&lt;][>:&gt;]

By default the property konakart.escape.chars is commented out, which disables the escaping. If uncommented, by default 5 characters are escaped although by modifying the value of the property you can add more or remove some of the characters.

To provide further flexibility, the CustomerMgr has the following methods:

The OrderMgr has:

The ReviewMgr has:

These methods are called to perform the actual escaping and they all follow a similar pattern:


    /**
     * Escape the Strings in the Order object using the rules defined in the properties file by the
     * property konakart.escape.chars . This method may be overridden in a custom manager to add
     * exceptions for attributes that don't need to be escaped or to disable the escaping
     * completely.
     * 
     * @param order
     */
    public void escapeOrder(OrderIf order)
    {
        if (getHTMLEscaper() == null || order == null)
        {
            return;
        }
        KKBeanEscaper escaper = new KKBeanEscaper(getHTMLEscaper());
        escaper.escapeOrder(order, null);
    }

			

From the above snippet of code you can see that the method that actually performs the escaping is escapeOrder() which is passed the order object and a String[] called the excludeArray (in the above case, set to null) where you can add attributes of the Order object that shouldn’t be escaped. For example, a value of:

String excludeArray = new String[] { "orderProducts.custom1", "custom1" };

would instruct the method to not escape the custom1 attribute of the order and the custom1 attribute of the orderProducts attribute.

To customize the behaviour of the escaping you may use your own managers with customized versions of the escape*() methods.