%URLPARAM{"name"}%
Parameter: | Description: | Default: |
---|---|---|
"name" | The name of a URL parameter | required |
default="..." | Default value in case parameter is empty or missing | empty string |
newline="<br />" | Convert newlines in textarea to other delimiters | no conversion |
encode="off" encode="entity" encode="safe" encode="url" encode="quote" | Control how special characters are encoded off : No encoding. Avoid using this when possible. See the security warning below. entity : Encode special characters into HTML entities. See ENCODE for more details. safe : Encode characters '"<>% into HTML entities. url : Encode special characters for URL parameter use, like a double quote into %22 quote : Escape double quotes with backslashes (\" ), does not change other characters; required when feeding URL parameters into other macros. | "safe" |
multiple="on" multiple="[[$item]]" | If set, gets all selected elements of a <select multiple="multiple"> tag. A format can be specified, with $item indicating the element, e.g. multiple="Option: $item" | first element |
separator=", " | Separator between multiple selections. Only relevant if multiple is specified | "\n" (new line) |
%URLPARAM{"skin"}%
returns print
for a .../view/System/VarURLPARAM?skin=print
URL
%SEARCH{ "%URLPARAM{ "search" encode="quote" }%" noheader="on" }%
rev
, skin
, template
, topic
, web
; they have a special meaning in Foswiki. Common parameters and view script specific parameters are documented at CommandAndCGIScripts.
%URLPARAM{
in the value of a URL parameter, it will be modified to %<nop>URLPARAM{
. This is to prevent an infinite loop during expansion.
'"<>%
into HTML entities (same as encode="safe") which is relatively safe. The safest is to use encode="entity". When passing URLPARAM inside another macro always use double quotes ("") combined with using URLPARAM with encode="quote". For maximum security against cross-site scripting you are adviced to install the Foswiki:Extensions.SafeWikiPlugin.