Home
Documentation
HCL Commerce is a high-availability, highly scalable and customizable e-commerce platform. Able to support hundreds of thousands of transactions per day, HCL Commerce allows you to do business with consumers (B2C) or directly with businesses (B2B). HCL Commerce uses cloud friendly technology to make deployment and operation both easy and efficient. It provides easy-to-use tools for business users to centrally manage a cross-channel strategy. Business users can create and manage precision marketing campaigns, promotions, catalog, and merchandising across all sales channels. Business users can also use AI enabled content management capabilities.
Reference
Topics in the Reference section contain all of the HCL Commerce reference documentation.
HCL Commerce foundation tag library
The HCL Commerce foundation JSTL tag library is a collection of custom tags that are provided to you to support the authoring of HCL Commerce JSP files. HCL Commerce stores use the JavaServer Pages Standard Tag Library (JSTL) to perform logic, instead of Java code. At the same time, business logic is moved into data beans. The combination of these steps allows for less Java code in a JSP page.
Tag: out
The <wcf:out> tag is used to display the output to the user. This tag provides an option to use an encoding library to encode the output value, protecting against possible cross-site scripting attacks.

Documentation
HCL Commerce is a high-availability, highly scalable and customizable e-commerce platform. Able to support hundreds of thousands of transactions per day, HCL Commerce allows you to do business with consumers (B2C) or directly with businesses (B2B). HCL Commerce uses cloud friendly technology to make deployment and operation both easy and efficient. It provides easy-to-use tools for business users to centrally manage a cross-channel strategy. Business users can create and manage precision marketing campaigns, promotions, catalog, and merchandising across all sales channels. Business users can also use AI enabled content management capabilities.
- Getting started
  HCL Commerce has different advantages for business users, administrators and developers. HCL Commerce targets each of these roles with a tailored set of offerings so that each of your users can get maximum benefit.
- Installing and deploying
  Learn how to install and deploy HCL Commerce development environments and HCL Commerce production environments.
- Migrating
  Before you migrate to HCL Commerce Version 9.1, review this information to help plan and execute your migration.
- Operating
  Topics in the Operating category highlight tasks that are typically performed by business users, customer support representatives, to complete their day-to-day tasks in the operation of the HCL Commerce site.
- Integrating
  Topics in the Integrating category highlight the tasks that are commonly performed for using HCL Commerce in combination with other products.
- Administering
  Topics in the Administering category highlight tasks that are typically performed by the Site Administrator, to support daily operations of the HCL Commerce site.
- Customizing
  The topics in the Customizing section describe tasks performed by an application developer to customize HCL Commerce.
- Tutorials
  HCL Commerce provides many tutorials to help you customize and understand your HCL Commerce instance and stores.
- Samples
  Topics in the Samples category highlight the various samples that are provided with HCL Commerce.
- Compliance
  The following section describes how you can leverage HCL Commerce features and functionality to help your site be compliant with different privacy and security standards.
- Securing
  These topics describe the security features of HCL Commerce and how to configure these features.
- Performance
  Topics in the Performance section describe the means by which to plan, implement, test, and re-visit the optimization of HCL Commerce site performance.
- Troubleshooting
  Topics in the Troubleshooting section highlight common issues that are encountered with HCL Commerce, and how they can be addressed or mitigated.
- Reference
  Topics in the Reference section contain all of the HCL Commerce reference documentation.
  - HCL Commerce API reference
    HCL Commerce exposes two main programming APIs. The first and newest API is a REST interface, and most new classes are exposed here. The legacy Java API also contains new classes not suitable for REST, and can be browsed in Javadoc format.
  - Cross-reference of data beans and tables
    Data beans are grouped into several component groups.
  - Cross-reference of commands, tasks, and tables
    URL commands, controller commands, task commands, view commands and tables are related to each other.
  - Cross reference: Commands to beans to database tables
    Use this information when you are customizing a command and you want to know which tables are affected. You should also use this topic if you are modifying a table and want to know which commands and beans are affected.
  - Run Engine commands
    The following Run Engine commands are available by default for you to configure the applications that are running inside the containers.
  - Entering Docker containers
    To enter a Docker container you can complete the following steps.
  - Docker container start up logic for HCL Commerce Version 9.1
    When you deploy a container from an HCL provided image, an Entrypoint.sh helper script determines the configurations to use while starting up the container. Review the following information to learn about what the helper script does, and how you can customize the configurations.
  - HCL Commerce database schema
    The HCL Commerce database model was designed for data integrity and optimal performance. HCL Commerce provides several hundred tables that store HCL Commerce instance data. To maintain data integrity, and to ease maintenance referential integrity, constraints are widely used in the database model. Indexes are used carefully on tables to avoid over-indexing and to provide a good balance between data retrieval and data manipulation activities (insert and update). The business rules are implemented at the application level rather than by using database trigger. Triggers, however, are used to facilitate data staging and optimistic locking. A limited number of SQL-based database stored procedures are used for data intensive activities.
  - Payments subsystem
    In HCL Commerce, payment processing uses the Payments subsystem.
  - Dynamic caching
    In general, caching improves response time and reduces system load. Caching techniques are used to improve the performance of World Wide Web Internet applications. Most techniques cache static content (content that rarely changes) such as graphic and text files. However, many websites serve dynamic content, containing personalized information or data that changes more frequently. Caching dynamic content requires more sophisticated caching techniques, such as those provided by the WebSphere Application Server dynamic cache, a built-in service for caching and serving dynamic content.
  - HCL Commerce store pages properties
  - Cache-entry elements
    The root element of the cachespec.xml file, <cache>, contains <cache-entry> elements. The WebSphere dynamic cache service parses the cachespec.xml file during start-up, and extracts a set of configuration parameters from each <cache-entry> element.
  - Data Load utility configuration file schema
    The Data Load utility contains several configuration files. You can use the configuration file schema to understand and customize the data load configuration files.
  - HCL Commerce web services
    HCL Commerce provides many web services.
  - Utilities
    In HCL Commerce utilities are scripts that perform operations such as loading access control policies, loading store data, and cleaning the database of obsolete objects. In runtime environments, run utilities from the Utility server Docker container. In the development environment, run utilities from the bin directory.
  - Shopping flow URLs
    HCL Commerce shopping flow URLs are organized by subsystem.
  - Messaging system URLs
    The following URLs relate to the Messaging system.
  - Scheduler URLs
    The server subsystem consists of functions that are associated with URLs that are run by the scheduler.
  - jQuery Enhancements API
    The Aurora starter store in HCL Commerce is completely written in jQuery, which is one of the most commonly used JavaScript libraries used in dynamic websites. The jQuery AJAX and events API provides an easy to use framework that meets most AJAX requirements for storefront development.
  - HCL Commerce foundation tag library
    The HCL Commerce foundation JSTL tag library is a collection of custom tags that are provided to you to support the authoring of HCL Commerce JSP files. HCL Commerce stores use the JavaServer Pages Standard Tag Library (JSTL) to perform logic, instead of Java code. At the same time, business logic is moved into data beans. The combination of these steps allows for less Java code in a JSP page.
    - Tag: cdata
      The wcf:cdata tag sets the specified data in XML format within a CDATA section and encodes the string that ends a CDATA section to avoid nested CDATA sections.
    - Tag: contextData
      The wcf:contextData tag sets a business context data value for an HCL Commerce service request. The business context data values specified with the wcf:contextData tag are appended to any business context values that are associated with the current session. The new business context values are in effect only for the current HCL Commerce service request. The values do not persist into the session. Use this tag only as a tag of the wcf:getData tag.
    - Deprecated feature: Tag: declareService
      The wcf:declareService tag adds client-side support for invoking a service request. The ID is used to register the specified service so it can be invoked with the wc.service.invoke(serviceId, parameters) function. The parameters parameter is an object map that is passed as parameters to the service URL.
    - Deprecated feature: Tag: declareRenderContext
      The wcf:declareRenderContext tag adds the client-side render context support to the current page. The ID passed to this tag is used to identify the render context. If this tag is already called for this request and ID, then no further call is made.
    - Deprecated feature: Tag: declareRefreshController
      The wcf:declareRefreshController tag declares a refresh area controller. The refresh area controller provides the JavaScript logic that listens to changes in the render context and the model. It refreshes the refresh areas that are registered to the controller. Refresh areas are declared using the wc.widget.RefreshArea widget and by specifying the ID of a declared refresh controller for the controllerId attribute.
    - Tag: defineObjects
      The wcf:defineObjects tag defines the renderContext and businessContext objects in a JSP page. The renderContext object maps render context name and values to single value render context string values. The businessContext object maps business context data names to the current value for the names.
    - Tag: eMarketingSpotCache
      You can include the wcf:eMarketingSpotCache tag within an e-Marketing Spot JSP fragment to indicate that the JSP fragment is to be dynamically cached. This tag dynamically sets dependency IDs for e-Marketing Spot cache entries.
    - Tag: getData
      The wcf:getData tag retrieves data objects from an HCL Commerce service. The wcf:param tag and the wcf:contextData tags are elements of the wcf:getData tag.
    - Tag: json
      The wcf:json tag converts a specified Java object to JavaScript Object Notation (JSON).
    - Tag: metadata
      The wcf:metadata tag retrieves metadata information that can be returned in response to a Get BOD request that is used for authoring. For example, workspaces in Management Center.
    - Tag: param
      The wcf:param tag adds a named parameter value to the parent tag. The wcf:param tag can be specified as a element of the wcf:getData tag.
    - Tag: rest
      The wcf:rest tag sends REST requests.
    - Tag: set
      The wcf:set tag adds values into an object, such as Collections or Maps, that is created with the wcf:useBean tag.
    - Tag: out
      The <wcf:out> tag is used to display the output to the user. This tag provides an option to use an encoding library to encode the output value, protecting against possible cross-site scripting attacks.
    - Tag: url
      The wcf:url tag builds a URL and applies the appropriate HCL Commerce supported rewriting rules.
    - Tag: useBean
      The wcf:useBean tag creates a list or map object.

Tag: out

The <wcf:out> tag is used to display the output to the user. This tag provides an option to use an encoding library to encode the output value, protecting against possible cross-site scripting attacks.

The <wcf:out> tag is used to check for the <XSiteScriptingProtection enable="true"/> attribute in the wc-server.xml file. If the enable attribute is set to true, <wcf:out> verifies that an encoding library can be used to encode the output value. If the enabled attribute is false, the <wcf:out> tag behaves like a <c:out> tag.

You can use the following syntax to escape Javascript special characters:

<wcf:out value="${localeValue}" escape="true" escapeFormat="js" />

This would escape the following characters:

<
>
&
'
"
\
\n
\r
\t
\f

The <wcf:out> tag reads an XSiteEncoding.properties file to decide on the following properties:

The encoder class to use.
The encoder instance method to use.
The encoder methods for each of the escape formats.

Tag information
Tag information
Body Content	empty

Attributes

Attributes
Attribute	Required	Request-time	Type	Description
`value`	`true`	`true`	`java.lang.String`	That value that displays to the user.
`escape`	`false`	`true`	`java.lang.String`	A flag that indicates whether the value is to be escaped or not.
`escapeFormat`	`false`	`true`	`java.lang.String`	The escape format to use. The default value is `xml`. Other possible values are `html`, `js`, and `url`.

Variables

No variables are defined for the <wcf:out> tag.

Example

The following example is a snippet of a XSiteEncoding.properties file that uses the OWASP ESAPI library for encoding:

#Begin XSiteEncoding.properties
#This file sets the encoder properties defined corresponding to OWASP library.

#The encoder class 
EncoderClass=org.owasp.esapi.ESAPI

#The static instance method which returns the instance of the Encoder.
EncoderInstanceMethod=encoder

#The escape formats and their corresponding method in the Encoder instance.
js=encodeForJavaScript
html=encodeForHTML
xml=encodeForXML
url=encodeForURL

#End XSiteEncoding.properties