QUERYPARAMS -- show paramaters to the query

  • Expands the parameters to the query that was used to display the page.
  • Syntax: %QUERYPARAMS{...}%
  • Supported parameters:
    Parameter: Description: Default:
    format="..." Format string for each entry $name=$value
    separator="..." Separator string separator="$n" (newline)
    encoding="entity"
    encoding="safe"
    encoding="html"
    encoding="quotes"
    encoding="url"
    Control how special characters are encoded. If this parameter is not given, "safe" encoding is performed which HTML entity encodes the characters '"<>%.
    entity: Encode special characters into HTML entities, like a double quote into &#034;. Does not encode \n or \r.
    safe: Encode characters '"<>% into HTML entities. (this is the default)
    html: As type="entity" except it also encodes \n and \r
    quotes: Escape double quotes with backslashes (\"), does not change other characters
    url: Encode special characters for URL parameter use, like a double quote into %22
    type="safe"
  • The following escape sequences are expanded in the format string:
    Sequence: Expands To:
    $name Name of the parameter
    $value String value of the parameter. Multi-valued parameters will have a "row" for each value.
    $n or $n() New line. Use $n() if followed by alphanumeric character, e.g. write Foo$n()Bar instead of Foo$nBar
    $nop or $nop() Is a "no operation". This token gets removed; useful for nested search
    $quot Double quote (") (\" also works)
    $percnt Percent sign (%)
    $dollar Dollar sign ($)
    $lt Less than sign (<)
    $gt Greater than sign (>)
    $amp Ampersand (&)
  • Example:
    • %QUERYPARAMS{format="<input type='hidden' name='$name' value='$value' encoding="entity" />"}%
  • ALERT! Security warning!
    Using QUERYPARAMS can easily be misused for cross-site scripting unless specific characters are entity encoded. By default QUERYPARAMS encodes the characters '"<>% into HTML entities (same as encoding="safe") which is relatively safe. The safest is to use encoding="entity". When passing QUERYPARAMS inside another macro always use double quotes ("") combined with using QUERYPARAMS with encoding="quote". For maximum security against cross-site scripting you are adviced to install the Foswiki:Extensions.SafeWikiPlugin.
  • See also QUERYSTRING, URLPARAM

 
This site is powered by FoswikiCopyright © by the contributing authors. All material on this site is the property of the contributing authors.
Ideas, requests, problems regarding Foswiki? Send feedback