type: Control how special characters are encoded. Default: type="url"

  type="entity": Encode special characters into HTML entities, like a double quote into &#34;. Does not encode \n or \r.
  type="safe": Encode only the characters '"<>% into HTML entities.
  type="html": As type="entity" except it also encodes \n and \r.
  type="quotes": Escape double quotes with backslashes (\"), does not change other characters.
  type="url": Encode special characters for URL parameter use, like a double quote into %22 (this is the default).
Example: %ENCODE{"spaced name"}% expands to spaced%20name
Values of HTML input fields must be entity encoded; the default type="url" would percent-encode spaces and quotes instead of producing a usable attribute value. Example: <input type="text" name="address" value="%ENCODE{ "any text" type="entity" }%" />
Double quotes in strings must be escaped when passed into other macros. Example: %SEARCH{ "%ENCODE{ "string with "quotes"" type="quotes" }%" noheader="on" }%
ENCODE can be used to filter user input from URL parameters and similar sources to protect against cross-site scripting. The safest approach is to use type="entity". This can however prevent an application from fully working, because it encodes more than the HTML-significant characters. You can then use type="safe", which encodes only the characters '"<>% into HTML entities (the same as encode="safe" on URLPARAM). When ENCODE is passing a string inside another macro, always use double quotes ("") and type="quotes", so that quotes in the user's input cannot terminate the enclosing macro's parameter. In every case pick the type for the context the value lands in: an HTML attribute, a URL parameter, or another macro's quoted string. For maximum security against cross-site scripting you are advised to install the Foswiki:Extensions.SafeWikiPlugin.
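The following Python model of the five ENCODE types and of the two usage rules above (entity encoding for an input value, quote escaping for a string nested in another macro) is an added example, not Foswiki's own code. The character sets ENTITY_CHARS and SAFE_CHARS, and the use of urllib.parse.quote for type="url", are assumptions drawn from the documented behaviour rather than copies of Foswiki's implementation; the sample inputs are constructed.

```python
"""Model of ENCODE{"string" type="..."} (added example, not Foswiki's code).

Assumptions, modelled on the documented behaviour rather than Foswiki's source:
  - "entity"/"html" emit numeric entities for HTML-significant characters and
    for wiki-markup characters (the reason type="entity" can break an
    application); "entity" leaves \\n and \\r alone, "html" encodes them too
  - "safe" touches only '"<>%
  - "quotes" backslash-escapes double quotes and nothing else
  - "url" percent-encodes everything except unreserved characters
"""
import urllib.parse

# Assumed set for type="entity" / type="html" (labelled assumption).
ENTITY_CHARS = set('"%&\'*<=>@[]_|')
# Documented set for type="safe".
SAFE_CHARS = set('\'"<>%')


def _numeric_entity(ch):
    return f"&#{ord(ch)};"


def encode(string, type="url"):
    """Return STRING encoded as the modelled ENCODE type would."""
    if type == "entity":
        # control characters are encoded except \n and \r
        return "".join(
            _numeric_entity(c)
            if c in ENTITY_CHARS or (ord(c) < 0x20 and c not in "\n\r")
            else c
            for c in string
        )
    if type == "html":
        return "".join(
            _numeric_entity(c) if c in ENTITY_CHARS or ord(c) < 0x20 else c
            for c in string
        )
    if type == "safe":
        return "".join(_numeric_entity(c) if c in SAFE_CHARS else c for c in string)
    if type == "quotes":
        return string.replace('"', '\\"')
    if type == "url":
        # safe="" so that even "/" is percent-encoded, as a query value needs
        return urllib.parse.quote(string, safe="")
    raise ValueError(f"unknown ENCODE type: {type!r}")


def input_value_html(user_text):
    """The page's <input> example with the value entity-encoded.

    A payload such as  " onfocus="alert(1)  cannot close the value attribute
    because every double quote has become &#34;.
    """
    return (
        '<input type="text" name="address" value="'
        + encode(user_text, "entity")
        + '" />'
    )


def search_macro(user_text):
    """The page's nested-macro example: quotes escaped so the inner string
    cannot terminate the outer SEARCH parameter."""
    return '%SEARCH{ "' + encode(user_text, "quotes") + '" noheader="on" }%'


if __name__ == "__main__":
    # constructed sample inputs
    print(encode("spaced name"))                       # default type="url"
    print(input_value_html('" onfocus="alert(1)'))     # attribute breakout blocked
    print(search_macro('string with "quotes"'))        # nested quotes escaped
    print(encode("<b>'x'</b> 100%", "safe"))           # only '"<>% touched
```

Run it to compare the output of each type on the same hostile input; the attribute example shows why the default type="url" is the wrong choice for an HTML value (it would turn the address into percent-encoded text) while type="entity" keeps the text readable and still neutralises the quote.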