| |
VarURLPARAM 6 - 2009-02-23 - Main.TWikiContributor
|
|
META TOPICPARENT |
name="TWikiVariables" |
URLPARAM{"name"} -- get value of a URL parameter | |
"name" |
The name of a URL parameter |
required |
default="..." |
Default value in case parameter is empty or missing |
empty string |
newline="<br />" |
Convert newlines in textarea to other delimiters |
no conversion |
| |
< < |
encode="entity" |
Encode special characters into HTML entities. See ENCODE for more details. |
no encoding |
encode="url" |
Encode special characters for URL parameter use, like a double quote into %22 |
no encoding |
encode="quote" |
Escape double quotes with backslashes (\" ), does not change other characters; required when feeding URL parameters into other TWiki variables |
no encoding |
| > > |
encode="off" |
Turn off encoding. See important security note below |
encode="safe" |
encode="safe" |
Encode special characters into HTML entities to avoid XSS exploits: "<" , ">" , "%" , single quote (' ) and double quote (" ) |
(this is the default) |
encode="entity" |
Encode special characters into HTML entities. See ENCODE for more details. |
encode="safe" |
encode="url" |
Encode special characters for URL parameter use, like a double quote into %22 |
encode="safe" |
encode="quote" |
Escape double quotes with backslashes (\" ), does not change other characters; required when feeding URL parameters into other TWiki variables |
encode="safe" |
| |
multiple="on" multiple="[[$item]]" |
If set, gets all selected elements of a <select multiple="multiple"> tag. A format can be specified, with $item indicating the element, e.g. multiple="Option: $item" |
first element |
separator=", " |
Separator between multiple selections. Only relevant if multiple is specified |
"\n" (new line) |
- Example:
%URLPARAM{"skin"}% returns print for a .../view/TWiki/VarURLPARAM?skin=print URL
- Notes:
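Review bot: the default column for encode="entity", encode="url" and encode="quote" changes from "no encoding" to encode="safe", so any existing topic that calls %URLPARAM{...}% without an encode parameter now receives entity-encoded output, and the table does not say so. Suggest a sentence in the encode="safe" row stating that this is a behaviour change and that topics needing the raw value must set encode="off" explicitly, with a pointer to the security note. The encode="off" row also carries encode="safe" in its default column, which reads as if "off" itself fell back to "safe"; stating the default once for the encode parameter would be clearer.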
| |
< < |
-
- IMPORTANT: There is a risk that this variable could be misused for cross-site scripting (XSS).
- URL parameters passed into HTML form fields must be entity ENCODEd.
Example: <input type="text" name="address" value="%URLPARAM{ "address" encode="entity" }%" />
| > > |
-
- IMPORTANT: There is a risk that this variable can be misused for cross-site scripting (XSS) if the encoding is turned off. The
encode="safe" is the default, it provides a safe middle ground. The encode="entity" is more aggressive, but some TWiki applications might not work.
- URL parameters passed into HTML form fields must be entity ENCODEd.
Example: <input type="text" name="address" value="%URLPARAM{ "address" encode="entity" }%" />
| |
-
- Double quotes in URL parameters must be escaped when passed into other TWiki variables.
Example: %SEARCH{ "%URLPARAM{ "search" encode="quotes" }%" noheader="on" }%
- When used in a template topic, this variable will be expanded when the template is used to create a new topic. See TWikiTemplates#TemplateTopicsVars for details.
- Watch out for TWiki internal parameters, such as
rev , skin , template , topic , web ; they have a special meaning in TWiki. Common parameters and view script specific parameters are documented at TWikiScripts.
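Review bot: in the added IMPORTANT bullet, the statement that encode="safe" is the default is followed by the bullet saying form-field values "must be entity ENCODEd", which leaves it unclear whether the default is sufficient inside an attribute value or whether encode="entity" is still required there; the note should say which. The sentence "The encode="safe" is the default, it provides a safe middle ground" is a comma splice and would read better as two sentences. In the trailing context, the %SEARCH example uses encode="quotes" while the parameter table documents the value as encode="quote"; align the example with the table.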
Copyright © by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Note: Please contribute updates to this topic on TWiki.org at TWiki:TWiki.VarURLPARAM