URLPARAM{"name"} -- get URL or HTTP POST parameter value

• Returns the value of the named parameter in the URL or HTTP POST request.
• Syntax: %URLPARAM{"name"}%
• Supported parameters:

  Parameter:	Description:	Default:
  "name"	The name of a URL parameter	required
  default="..."	Default value, used if the parameter is not present	empty string
  encode="off" encode="entity" encode="safe" encode="url" encode="quote"	Control how special characters are encoded off: No encoding. Avoid using this when possible. See the security warning below. entity: Encode special characters into HTML entities. See ENCODE for more details. safe: Encode characters '"<>% into HTML entities. url: Encode special characters for URL parameter use, like a double quote into %22 quote: Escape double quotes with backslashes (\"), does not change other characters; required when feeding URL parameters into other macros.	"safe"
  multiple="on" multiple="[[$item]]"	If set, gets all selected elements of a <select multiple="multiple"> tag. A format can be specified, with $item indicating the element, e.g. multiple="Option: $item" (also supports the standard format tokens)	first element
  newline="<br />"	Convert newlines in textarea to other delimiters	no conversion
  separator=", "	Separator between multiple selections. Only relevant if multiple is specified	"\n" (new line)

• Example: %URLPARAM{"skin"}% returns print for a .../view/System/VarURLPARAM?skin=print URL
• Notes:
  • URL parameters passed into HTML form fields must be entity ENCODEd.
  • Double quotes in URL parameters must be escaped when passed into other macros.
    Example: %SEARCH{ "%URLPARAM{ "search" encode="quote" }%" noheader="on" }%
  • When used in a template topic, this macro will be expanded when the template is used to create a new topic. See TemplateTopics#TemplateTopicsVars for details.
  • Watch out for internal parameters, such as rev, skin, template, topic, web; they have a special meaning in Foswiki. Common parameters and view script specific parameters are documented at CommandAndCGIScripts.
  • If you have %URLPARAM{ in the value of a URL parameter, it will be modified to %<nop>URLPARAM{. This is to prevent an infinite loop during expansion.
  • Security warning! Using URLPARAM can easily be misused for cross-site scripting unless specific characters are entity encoded. By default URLPARAM encodes the characters '"<>% into HTML entities (same as encode="safe") which is relatively safe. The safest is to use encode="entity". When passing URLPARAM inside another macro always use double quotes ("") combined with using URLPARAM with encode="quote". For maximum security against cross-site scripting you are adviced to install the Foswiki:Extensions.SafeWikiPlugin.
• Related: ENCODE, SEARCH, FormattedSearch, QUERYSTRING