
Deprecated class de.hybris.platform.webservicescommons.util.YSanitizer

chun18
Explorer

de.hybris.platform.webservicescommons.util.YSanitizer is marked as deprecated since 2211.23, but it doesn't say which class to use instead. There's de.hybris.platform.util.Sanitizer, but the method sanitize() seems to be a bit different. 

What should I replace de.hybris.platform.webservicescommons.util.YSanitizer with?

Thank you!

Accepted Solutions (0)

Answers (2)


mansurarisoy
Contributor

Yes, you are right. The sanitize() method in YSanitizer is different from the one in the Sanitizer class, but it seems that the OOTB code is using Sanitizer.sanitize() as a replacement. You can see the following classes as examples from the commercewebservices extension:

  • DefaultContextInformationLoader class under de.hybris.platform.commercewebservices.core.context.impl package
  • BaseSiteMatchingFilter class under de.hybris.platform.commercewebservices.core.v2.filter package
  • CartsController class under de.hybris.platform.commercewebservices.core.v2.controller package

The first line of both methods is the same:

StringUtils.defaultString(input).trim()

After this line, the YSanitizer class first replaces all CRLF chars with a space:

CRLF.matcher(output).replaceAll(" ")

After that, it calls the escapeHtml method of org.apache.commons.lang.StringEscapeUtils. This method replaces some special chars with their HTML names (e.g. € becomes &euro;):

StringEscapeUtils.escapeHtml(output)

However, after the first line, the Sanitizer class only removes the chars between 0-31 and 127-159 with the following line:

CharMatcher.javaIsoControl().removeFrom(trimmed)

Since it removes the chars in the range from the string, CRLF chars (10 and 13) are also removed.

I wrote a simple Groovy script to see the differences between the two sanitize methods; you can also test it on HAC and see the differences:

import de.hybris.platform.util.Sanitizer
import de.hybris.platform.util.Utilities
import de.hybris.platform.webservicescommons.util.YSanitizer


StringBuilder chars = new StringBuilder();
for(char i = 0; i < 200; i++){
    chars.append("Char #");
    chars.append((int) i);
    chars.append(": ");
    chars.append(i);
    chars.append(System.lineSeparator());
}

String charsStr = chars.toString();
String ySanitized = YSanitizer.sanitize(charsStr);
String sanitized = Sanitizer.sanitize(charsStr);
String apacheLangHtmlEscapedAfterSanitized = org.apache.commons.lang.StringEscapeUtils.escapeHtml(sanitized);
String apacheTextHtmlEscaped3AfterSanitized = org.apache.commons.text.StringEscapeUtils.escapeHtml3(sanitized);
String apacheTextHtmlEscaped4AfterSanitized = org.apache.commons.text.StringEscapeUtils.escapeHtml4(sanitized);
String utilitiesHtmlEscapedAfterSanitized = Utilities.escapeHTML(sanitized);

println(charsStr);
println("YSanitizer.sanitize(): " + ySanitized)
println("Sanitizer.sanitize(): " + sanitized)
println("lang.StringEscapeUtils.escapeHtml(): " + apacheLangHtmlEscapedAfterSanitized)
println("text.StringEscapeUtils.escapeHtml3(): " + apacheTextHtmlEscaped3AfterSanitized)
println("text.StringEscapeUtils.escapeHtml4(): " + apacheTextHtmlEscaped4AfterSanitized)
println("Utilities.escapeHTML(): " + utilitiesHtmlEscapedAfterSanitized)

Hope this clarifies the difference between the two classes.
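The difference described in the answer above matters when migrating: values that YSanitizer returned HTML-escaped come back from Sanitizer.sanitize() with markup characters intact, so escaping has to be applied where the value is rendered. The following is an added example, not code from the original post or from SAP; it models the two pipelines with JDK classes only, and the CRLF pattern, `escapeHtmlMinimal`, and the class and method names are assumptions made for illustration.

```java
import java.util.regex.Pattern;

public class SanitizerMigrationDemo {
    // Assumption: the post does not show the CRLF pattern; any CR or LF is assumed.
    private static final Pattern CRLF = Pattern.compile("[\\r\\n]");

    // Model of the deprecated pipeline: trim, CR/LF -> space, HTML-escape.
    static String legacyStyle(String input) {
        String out = (input == null ? "" : input).trim();
        out = CRLF.matcher(out).replaceAll(" ");
        return escapeHtmlMinimal(out);
    }

    // Model of the replacement: trim, then drop ISO control chars (0-31, 127-159).
    static String replacementStyle(String input) {
        String trimmed = (input == null ? "" : input).trim();
        StringBuilder sb = new StringBuilder(trimmed.length());
        for (char c : trimmed.toCharArray()) {
            if (!Character.isISOControl(c)) {
                sb.append(c);
            }
        }
        return sb.toString();
    }

    // Hypothetical stand-in for an HTML escaper: only & < > ", no named entities.
    static String escapeHtmlMinimal(String s) {
        StringBuilder sb = new StringBuilder(s.length());
        for (char c : s.toCharArray()) {
            switch (c) {
                case '&': sb.append("&amp;"); break;
                case '<': sb.append("&lt;"); break;
                case '>': sb.append("&gt;"); break;
                case '"': sb.append("&quot;"); break;
                default: sb.append(c);
            }
        }
        return sb.toString();
    }

    public static void main(String[] args) {
        // Constructed sample: markup characters plus an embedded line break.
        String input = " cart<b>42</b>\r\nstatus=\"ok\" ";
        System.out.println("legacy model:      " + legacyStyle(input));
        System.out.println("replacement model: " + replacementStyle(input));
        // After migration, escaping has to happen where the value is rendered.
        System.out.println("escaped at output: " + escapeHtmlMinimal(replacementStyle(input)));
    }
}
```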

kulayappa
Associate

Hi,
There is a class in the platform package. You can replace de.hybris.platform.webservicescommons.util.YSanitizer with
de.hybris.platform.util.Sanitizer#sanitize

Hope this helps you.