Difference: VarURLPARAM (r8 vs. r7)

URLPARAM{"name"} -- get value of a URL parameter

  • Returns the value of a URL parameter.
  • Syntax: %URLPARAM{"name"}%
  • Supported parameters:
    | Parameter | Description | Default |
    |---|---|---|
    | "name" | The name of a URL parameter | required |
    | newline="$br" | Convert newlines in textarea to other delimiters. Variables $br (for <br /> tag), $n (for newline) are expanded. Other text is encoded based on encode parameter. | no conversion |
    | encode="off" | Turn off encoding. See important security note below | encode="safe" |
    | encode="quote" | Escape double quotes with backslashes (\"), does not change other characters; required when feeding URL parameters into other TWiki variables. This encoding does not protect against cross-site scripting. | encode="safe" |
    | encode="moderate" | Encode special characters into HTML entities for moderate cross-site scripting protection: "<", ">", single quote (') and double quote (") are encoded. Useful to allow TWiki variables in comment boxes. | encode="safe" |
    | encode="safe" | Encode special characters into HTML entities for cross-site scripting protection: "<", ">", "%", single quote (') and double quote (") are encoded. | (this is the default) |
    | encode="entity" | Encode special characters into HTML entities. See ENCODE for details. | encode="safe" |
    | encode="html" | Encode special characters into HTML entities. In addition to encode="entity", it also encodes space, newline (\n) and linefeed (\r). Useful to encode text properly in HTML input fields. | encode="safe" |
    | encode="url" | Encode special characters for URL parameter use, like a double quote into %22 | encode="safe" |
    | multiple="on", multiple="[[$item]]" | If set, gets all selected elements of a <select multiple="multiple"> tag. A format can be specified, with $item indicating the element, e.g. multiple="Option: $item" | first element |
    | separator=", " | Separator between multiple selections. Only relevant if multiple is specified | "\n" (newline) |
    | format="..." | Format the result. $value expands to the URL parameter. If multiple is specified, $value expands to the result of the concatenated items. | "$value" |
    | default="..." | Default value in case parameter is empty or missing. The format parameter is not applied. | empty string |

    Differences in r7: default="..." was listed directly after "name" and read "Default value in case parameter is empty or missing"; there was no format="..." row; encode="entity" read "See ENCODE for more details."; encode="html" read "As encode="entity" except it also encodes newline (\n) and linefeed (\r)".
  • Example: %URLPARAM{"skin"}% returns print for a .../view/TWiki/VarURLPARAM?skin=print URL
  • Notes:
    • IMPORTANT: There is a risk that this variable can be misused for cross-site scripting (XSS) if the encoding is turned off. encode="safe" is the default and provides a safe middle ground. encode="entity" is more aggressive, but some TWiki applications might not work with it.
    • URL parameters passed into HTML form fields should be encoded as "html" (r7: must be entity ENCODEd).
      Example: encode="html" }%" /> (r7: encode="entity")
    • Double quotes in URL parameters must be escaped when passed into other TWiki variables.
      Example: %SEARCH{ "%URLPARAM{ "search" encode="quotes" }%" noheader="on" }%
    • When used in a template topic, this variable will be expanded when the template is used to create a new topic. See TWikiTemplates#TemplateTopicsVars for details.
    • Watch out for TWiki internal parameters, such as rev, skin, template, topic, web; they have a special meaning in TWiki. Common parameters and view script specific parameters are documented at TWikiScripts.
    • If you have %URLPARAM{ in the value of a URL parameter, it will be modified to %<nop>URLPARAM{. This is to prevent an infinite loop during expansion.
  • Related: ENCODE, SEARCH, FormattedSearch, QUERYSTRING
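
The difference between the quote, moderate and safe modes described above can be seen by running one value through each. The following is an added example, not TWiki's own code: it assumes entities are written as numeric character references and that the %<nop> rewrite from the notes runs after encoding, and %SOMEVAR% is a placeholder variable name.

```python
# Added illustration: a model of the encode modes in the table above.
# Not TWiki's code. Assumptions: entities are written as numeric character
# references, and the %<nop> rewrite from the notes runs after encoding.

ENTITY_SETS = {
    "moderate": "<>'\"",   # "<", ">", single quote, double quote
    "safe": "<>%'\"",      # the same set plus "%"
}

# Constructed sample value; %SOMEVAR% is a placeholder variable name.
SAMPLE = '"><script>alert(1)</script> %SOMEVAR%'


def encode_param(value, mode="safe"):
    """Return value as the given encode mode would emit it into the page."""
    if mode == "quote":
        value = value.replace('"', '\\"')
    elif mode in ENTITY_SETS:
        chars = ENTITY_SETS[mode]
        value = "".join(f"&#{ord(c)};" if c in chars else c for c in value)
    elif mode != "off":
        raise ValueError(f"mode not modelled here: {mode}")
    # Notes: %URLPARAM{ inside a value is rewritten to stop re-expansion.
    return value.replace("%URLPARAM{", "%<nop>URLPARAM{")


def residual_risk(encoded):
    """Report what a rendered page could still interpret in the output."""
    return {
        "raw_markup": any(c in encoded for c in "<>"),
        # A backslash does not neutralise a quote in HTML context.
        "raw_quote": '"' in encoded or "'" in encoded,
        "twiki_variable": "%" in encoded,
    }


def compare_modes(value):
    """Map each modelled mode to (encoded text, residual risk)."""
    result = {}
    for mode in ("off", "quote", "moderate", "safe"):
        text = encode_param(value, mode)
        result[mode] = (text, residual_risk(text))
    return result


if __name__ == "__main__":
    for mode, (text, risk) in compare_modes(SAMPLE).items():
        print(f"{mode:9} {text}\n{'':9} {risk}")
```

Only safe leaves nothing for the page to interpret; moderate keeps "%" so that TWiki variables in the value still expand, and quote changes nothing that matters in an HTML context.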

Note: Please contribute updates to this topic on TWiki.org at TWiki:TWiki.VarURLPARAM.