Log In | Users | Register

TWiki

Tools

General Info

About TWiki Web

spacer
Edit | Attach | New | Raw | Delete | History | Diff | Print | Pdf | Subscribe | Tools
You are here: TWiki » Macros » VarQUERYPARAMS

QUERYPARAMS -- show paramaters to the query

  • Expands the parameters to the query that was used to display the page.
  • Syntax: %QUERYPARAMS{...}%
  • Supported parameters:
    Parameter: Description: Default:
    format="..." Format string for each entry $name=$value
    separator="..." Separator string separator="$n" (newline)
    encoding="entity"
    encoding="safe"
    encoding="html"
    encoding="quotes"
    encoding="url"     		Control how special characters are encoded. If this parameter is not given, "safe" encoding is performed which HTML entity encodes the characters '"<>%.
    entity: Encode special characters into HTML entities, like a double quote into &#034;. Does not encode \n or \r.
    safe: Encode characters '"<>% into HTML entities. (this is the default)
    html: As type="entity" except it also encodes \n and \r
    quotes: Escape double quotes with backslashes (\"), does not change other characters
    url: Encode special characters for URL parameter use, like a double quote into %22     		type="safe"
  • The following escape sequences are expanded in the format string:
    Sequence: Expands To:
    $name Name of the parameter
    $value String value of the parameter. Multi-valued parameters will have a "row" for each value.
    $n or $n() New line. Use $n() if followed by alphanumeric character, e.g. write Foo$n()Bar instead of Foo$nBar
    $nop or $nop() Is a "no operation". This token gets removed; useful for nested search
    $quot Double quote (") (\" also works)
    $percnt Percent sign (%)
    $dollar Dollar sign ($)
    $lt Less than sign (<)
    $gt Greater than sign (>)
    $amp Ampersand (&)
  • Example:
    • %QUERYPARAMS{format="<input type='hidden' name='$name' value='$value' encoding="entity" />"}%
  • ALERT! Security warning!
    Using QUERYPARAMS can easily be misused for cross-site scripting unless specific characters are entity encoded. By default QUERYPARAMS encodes the characters '"<>% into HTML entities (same as encoding="safe") which is relatively safe. The safest is to use encoding="entity". When passing QUERYPARAMS inside another macro always use double quotes ("") combined with using QUERYPARAMS with encoding="quote". For maximum security against cross-site scripting you are adviced to install the Foswiki:Extensions.SafeWikiPlugin.
  • See also QUERYSTRING, URLPARAM
DBCachePlugin: VarQUERYPARAMS not found
spacer
Changed by ProjectContributor on 09 Jan 2009 - 13:00 - r1
This site is powered by FoswikiCopyright © by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Ideas, requests, problems regarding Wiki? Send feedback
Syndicate this site RSS ATOM