URLPARAM{"name"} -- get value of a URL parameter
- Returns the value of a URL parameter.
- Syntax:
%URLPARAM{"name"}% - Supported parameters:
Parameter: Description: Default: "name"The name of a URL parameter required default="..."Default value in case parameter is empty or missing empty string newline="$br"Convert newlines in textarea to other delimiters. Variables $br(for<br />tag),$n(for newline) are expanded. Other text is encoded based onencodeparameter.no conversion encode="off"Turn off encoding. See important security note below encode="safe"encode="quote"Escape double quotes with backslashes ( \"), does not change other characters; required when feeding URL parameters into other TWiki variables. This encoding does not protect against cross-site scripting.encode="safe"encode="moderate"Encode special characters into HTML entities for moderate cross-site scripting protection: "<",">", single quote (') and double quote (") are encoded. Useful to allow TWiki variables in comment boxes.encode="safe"encode="safe"Encode special characters into HTML entities for cross-site scripting protection: "<",">","%", single quote (') and double quote (") are encoded.(this is the default) encode="entity"Encode special characters into HTML entities. See ENCODE for more details. encode="safe"encode="html"As encode="entity"except it also encodes newline (\n) and linefeed (\r)encode="safe"encode="url"Encode special characters for URL parameter use, like a double quote into %22encode="safe"multiple="on"multiple="[[$item]]"If set, gets all selected elements of a <select multiple="multiple">tag. A format can be specified, with$itemindicating the element, e.g.multiple="Option: $item"first element separator=", "Separator between multiple selections. Only relevant if multiple is specified "\n"(newline) - Example:
%URLPARAM{"skin"}%returnsprintfor a.../view/TWiki/VarURLPARAM?skin=printURL -
Notes: - IMPORTANT: There is a risk that this variable can be misused for cross-site scripting (XSS) if the encoding is turned off. The
encode="safe"is the default, it provides a safe middle ground. Theencode="entity"is more aggressive, but some TWiki applications might not work. - URL parameters passed into HTML form fields must be entity ENCODEd. Example:
<input type="text" name="address" value="%URLPARAM{ "address" encode="entity" }%" /> - Double quotes in URL parameters must be escaped when passed into other TWiki variables. Example:
%SEARCH{ "%URLPARAM{ "search" encode="quotes" }%" noheader="on" }% - When used in a template topic, this variable will be expanded when the template is used to create a new topic. See TWikiTemplates#TemplateTopicsVars for details.
- Watch out for TWiki internal parameters, such as
rev,skin,template,topic,web; they have a special meaning in TWiki. Common parameters and view script specific parameters are documented at TWikiScripts. - If you have
%URLPARAM{in the value of a URL parameter, it will be modified to%<nop>URLPARAM{. This is to prevent an infinite loop during expansion.
- IMPORTANT: There is a risk that this variable can be misused for cross-site scripting (XSS) if the encoding is turned off. The
- Related: ENCODE, SEARCH, FormattedSearch, QUERYSTRING
Edit | Attach | Print version | History: r1 | Backlinks | Raw View | WYSIWYG | More topic actionsTopic revision: r1 - 2010-03-20 - TWikiContributor
TWiki Web
Users
Groups
Index
Search
Changes
Notifications
RSS Feed
Statistics
Preferences
DemoWebsite |
|
Copyright &© 1999-2024 by the contributing authors. All material on this collaboration platform is the property of the contributing authors. Ideas, requests, problems regarding TWiki? Send feedback
Note: Please contribute updates to this topic on TWiki.org at TWiki:TWiki.VarURLPARAM.