Difference: VarURLPARAM (9 vs. 10)

Revision 10 - 2018-07-14 - TWikiContributor

Line: 1 to 1
META TOPICPARENT name="TWikiVariables"

URLPARAM{"name"} -- get value of a URL parameter

Line: 15 to 15
| Parameter | Description | Default |
| encode="entity" | Encode special characters into HTML entities. See ENCODE for details. | encode="safe" |
| encode="html" | Encode special characters into HTML entities. In addition to encode="entity", it also encodes space, newline (\n) and linefeed (\r). Useful to encode text properly in HTML input fields. | encode="safe" |
| encode="url" | Encode special characters for URL parameter use, like a double quote into %22 | encode="safe" |
| encode="search" | Special encoding used for SEARCH: Substitute % characters into non-printable characters, so that TWikiVariables are no longer expanded. Also escapes quotes. Used to feed a search string from a URLPARAM into SEARCH without expanding any variables, such as when searching for %BR%. | type="url" |
| multiple | If set, gets all selected elements of a <select multiple="multiple"> tag. A format can be specified, with $item indicating the element, e.g. multiple="Option: $item" | first element |
| separator=", " | Separator between multiple selections. Only relevant if multiple is specified | "\n" (newline) |
| format="..." | Format the result. $value expands to the URL parameter. If multiple is specified, $value expands to the result of the concatenated items. | "$value" |
Line: 23 to 24
  • Notes:
    • IMPORTANT: There is a risk that this variable can be misused for cross-site scripting (XSS) if the encoding is turned off. encode="safe" is the default and provides a safe middle ground. encode="entity" is more aggressive, but some TWiki applications might not work with it.
    • URL parameters passed into HTML form fields should be encoded as "html".
      Example: <input type="text" name="address" value="%URLPARAM{ "address" encode="html" }%" />
    • Double quotes in URL parameters must be escaped when passed into other TWiki variables.
      Example: %SEARCH{ "%URLPARAM{ "search" encode="quotes" }%" noheader="on" }%
    • Double quotes in URL parameters must be escaped when passed into other TWiki variables.
      Example: %SET{ "lunch" value="%ENCODE{ "string with "quotes"" type="quotes" }%" remember="1" }%
    • Percent characters and double quotes in URL parameters should be escaped when passed into a SEARCH variable.
      Example: %SEARCH{ "%URLPARAM{ "query" encode="search" }%" noheader="on" }%
    • When used in a template topic, this variable will be expanded when the template is used to create a new topic. See TWikiTemplates#TemplateTopicsVars for details.
    • Watch out for TWiki internal parameters, such as rev, skin, template, topic, web; they have a special meaning in TWiki. Common parameters and view script specific parameters are documented at TWikiScripts.
    • If you have %URLPARAM{ in the value of a URL parameter, it will be modified to %<nop>URLPARAM{. This is to prevent an infinite loop during expansion.
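
The notes above amount to a rule per output context: "html" inside form fields, escaped quotes inside other variables, "search" inside SEARCH. The following check over topic text is an added example, not part of TWiki or of the original topic; it works line by line with regular expressions, `lint_topic` and the sample text are made up for illustration, and `encode="off"` is assumed to be the value that turns encoding off.

```python
import re

TOKEN = re.compile(r'%([A-Z]+)\{|\}%')     # variable open / variable close
ENCODE = re.compile(r'encode="([^"]*)"')
HTML_ATTR = re.compile(r'<[^<>]*=\s*"$')   # prefix ends inside an attribute value

def lint_topic(text):
    """Return (line_no, message) for each risky %URLPARAM{}% use (heuristic)."""
    findings = []
    for no, line in enumerate(text.splitlines(), 1):
        stack = []  # open variables: (name, start, args_start, parent)
        for m in TOKEN.finditer(line):
            if m.group(1):
                parent = stack[-1][0] if stack else None
                stack.append((m.group(1), m.start(), m.end(), parent))
                continue
            if not stack:
                continue
            name, start, args_start, parent = stack.pop()
            if name != 'URLPARAM':
                continue
            enc = ENCODE.search(line[args_start:m.start()])
            mode = enc.group(1) if enc else 'safe'  # documented default
            if mode == 'off':
                msg = 'encoding turned off: XSS risk'
            elif parent and mode not in ('quotes', 'search'):
                msg = f'inside %{parent}{{ without escaping double quotes'
            elif parent == 'SEARCH' and mode == 'quotes':
                msg = 'inside %SEARCH{: percent characters not escaped, use encode="search"'
            elif not parent and HTML_ATTR.search(line[:start]) and mode != 'html':
                msg = 'inside an HTML attribute: use encode="html"'
            else:
                continue
            findings.append((no, msg))
    return findings

# Constructed sample topic text (not taken from a real TWiki site).
SAMPLE = '''\
<input type="text" name="address" value="%URLPARAM{ "address" encode="html" }%" />
<input type="text" name="city" value="%URLPARAM{ "city" }%" />
%SEARCH{ "%URLPARAM{ "query" encode="search" }%" noheader="on" }%
%SEARCH{ "%URLPARAM{ "q" encode="quotes" }%" noheader="on" }%
%SET{ "lunch" value="%URLPARAM{ "lunch" }%" remember="1" }%
Hello %URLPARAM{ "name" encode="off" }%
'''

if __name__ == '__main__':
    for no, msg in lint_topic(SAMPLE):
        print(f'line {no}: {msg}')
```

Variables that span several lines are not handled by this sketch.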
Note: Please contribute updates to this topic on TWiki.org at TWiki:TWiki.VarURLPARAM.