Difference: VarURLPARAM (1 vs. 8)

Revision 8 - 13 Jun 2011 - TWikiContributor

Line: 1 to 1
 
META TOPICPARENT name="TWikiVariables"

URLPARAM{"name"} -- get value of a URL parameter

Line: 7 to 7
 
Deleted:
<
<
default="..." Default value in case parameter is empty or missing empty string
 
newline="$br" Convert newlines in textarea to other delimiters. Variables $br (for <br /> tag), $n (for newline) are expanded. Other text is encoded based on encode parameter. no conversion
encode="off" Turn off encoding. See important security note below encode="safe"
encode="quote" Escape double quotes with backslashes (\"), does not change other characters; required when feeding URL parameters into other TWiki variables. This encoding does not protect against cross-site scripting. encode="safe"
encode="moderate" Encode special characters into HTML entities for moderate cross-site scripting protection: "<", ">", single quote (') and double quote (") are encoded. Useful to allow TWiki variables in comment boxes. encode="safe"
encode="safe" Encode special characters into HTML entities for cross-site scripting protection: "<", ">", "%", single quote (') and double quote (") are encoded. (this is the default)
Changed:
<
<
encode="entity" Encode special characters into HTML entities. See ENCODE for more details. encode="safe"
encode="html" As encode="entity" except it also encodes newline (\n) and linefeed (\r) encode="safe"
>
>
encode="entity" Encode special characters into HTML entities. See ENCODE for details. encode="safe"
encode="html" Encode special characters into HTML entities. In addition to encode="entity", it also encodes space, newline (\n) and linefeed (\r). Useful to encode text properly in HTML input fields. encode="safe"
 
encode="url" Encode special characters for URL parameter use, like a double quote into %22 encode="safe"
multiple="on"
multiple="[[$item]]"
If set, gets all selected elements of a <select multiple="multiple"> tag. A format can be specified, with $item indicating the element, e.g. multiple="Option: $item" first element
separator=", " Separator between multiple selections. Only relevant if multiple is specified "\n" (newline)
Added:
>
>
format="..." Format the result. $value expands to the URL parameter. If multiple is specified, $value expands to the result of the concatenated items. "$value"
default="..." Default value in case parameter is empty or missing. The format parameter is not applied. empty string
 
  • Example: %URLPARAM{"skin"}% returns print for a .../view/TWiki/VarURLPARAM?skin=print URL
  • ALERT! Notes:
    • IMPORTANT: There is a risk that this variable can be misused for cross-site scripting (XSS) if the encoding is turned off. The encode="safe" is the default, it provides a safe middle ground. The encode="entity" is more aggressive, but some TWiki applications might not work.
Changed:
<
<
    • URL parameters passed into HTML form fields must be entity ENCODEd.
      Example: <input type="text" name="address" value="%URLPARAM{ "address" encode="entity" }%" />
>
>
    • URL parameters passed into HTML form fields should be encoded as "html".
      Example: <input type="text" name="address" value="%URLPARAM{ "address" encode="html" }%" />
 
    • Double quotes in URL parameters must be escaped when passed into other TWiki variables.
      Example: %SEARCH{ "%URLPARAM{ "search" encode="quotes" }%" noheader="on" }%
    • When used in a template topic, this variable will be expanded when the template is used to create a new topic. See TWikiTemplates#TemplateTopicsVars for details.
    • Watch out for TWiki internal parameters, such as rev, skin, template, topic, web; they have a special meaning in TWiki. Common parameters and view script specific parameters are documented at TWikiScripts.
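Review bot: The form-field note in the last Changed block weakens "must be entity ENCODEd" to "should be encoded as "html"", which reads as optional even though the example places the value inside a double-quoted value="..." attribute, where the encoding is what keeps the parameter from closing the attribute. Keep "must" and name encode="html" as the required setting for input fields. Separately, the new default row says "The format parameter is not applied" but not whether encode is applied to the default text; one sentence on that would remove the ambiguity.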

Revision 7 - 19 Mar 2010 - TWikiContributor

Line: 1 to 1
 
META TOPICPARENT name="TWikiVariables"

URLPARAM{"name"} -- get value of a URL parameter

Line: 8 to 8
 
Parameter: Description: Default:
"name" The name of a URL parameter required
default="..." Default value in case parameter is empty or missing empty string
Changed:
<
<
newline="<br />" Convert newlines in textarea to other delimiters no conversion
encode="off" Turn off encoding. See important security note below encode="safe"
encode="safe" Encode special characters into HTML entities to avoid XSS exploits: "<", ">", "%", single quote (') and double quote (") (this is the default)
encode="entity" Encode special characters into HTML entities. See ENCODE for more details. encode="safe"
encode="url" Encode special characters for URL parameter use, like a double quote into %22 encode="safe"
encode="quote" Escape double quotes with backslashes (\"), does not change other characters; required when feeding URL parameters into other TWiki variables encode="safe"
>
>
newline="$br" Convert newlines in textarea to other delimiters. Variables $br (for <br /> tag), $n (for newline) are expanded. Other text is encoded based on encode parameter. no conversion
encode="off" Turn off encoding. See important security note below encode="safe"
encode="quote" Escape double quotes with backslashes (\"), does not change other characters; required when feeding URL parameters into other TWiki variables. This encoding does not protect against cross-site scripting. encode="safe"
encode="moderate" Encode special characters into HTML entities for moderate cross-site scripting protection: "<", ">", single quote (') and double quote (") are encoded. Useful to allow TWiki variables in comment boxes. encode="safe"
encode="safe" Encode special characters into HTML entities for cross-site scripting protection: "<", ">", "%", single quote (') and double quote (") are encoded. (this is the default)
encode="entity" Encode special characters into HTML entities. See ENCODE for more details. encode="safe"
encode="html" As encode="entity" except it also encodes newline (\n) and linefeed (\r) encode="safe"
encode="url" Encode special characters for URL parameter use, like a double quote into %22 encode="safe"
 
multiple="on"
multiple="[[$item]]"
If set, gets all selected elements of a <select multiple="multiple"> tag. A format can be specified, with $item indicating the element, e.g. multiple="Option: $item" first element
separator=", " Separator between multiple selections. Only relevant if multiple is specified "\n" (new line)
  • Example: %URLPARAM{"skin"}% returns print for a .../view/TWiki/VarURLPARAM?skin=print URL
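Review bot: The new encode="moderate" row does not say what it gives up relative to encode="safe". Comparing the two rows, the only difference is that "%" is left unencoded, which is what lets TWiki variables in the parameter value expand; the row should state that explicitly so authors pick it only where they intend visitors to supply variables. In the new encode="html" row, \r is a carriage return, not a linefeed (\n is the linefeed).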

Revision 6 - 23 Feb 2009 - TWikiContributor

Line: 1 to 1
 
META TOPICPARENT name="TWikiVariables"

URLPARAM{"name"} -- get value of a URL parameter

Line: 9 to 9
 
"name" The name of a URL parameter required
default="..." Default value in case parameter is empty or missing empty string
newline="<br />" Convert newlines in textarea to other delimiters no conversion
Changed:
<
<
encode="entity" Encode special characters into HTML entities. See ENCODE for more details. no encoding
encode="url" Encode special characters for URL parameter use, like a double quote into %22 no encoding
encode="quote" Escape double quotes with backslashes (\"), does not change other characters; required when feeding URL parameters into other TWiki variables no encoding
>
>
encode="off" Turn off encoding. See important security note below encode="safe"
encode="safe" Encode special characters into HTML entities to avoid XSS exploits: "<", ">", "%", single quote (') and double quote (") (this is the default)
encode="entity" Encode special characters into HTML entities. See ENCODE for more details. encode="safe"
encode="url" Encode special characters for URL parameter use, like a double quote into %22 encode="safe"
encode="quote" Escape double quotes with backslashes (\"), does not change other characters; required when feeding URL parameters into other TWiki variables encode="safe"
 
multiple="on"
multiple="[[$item]]"
If set, gets all selected elements of a <select multiple="multiple"> tag. A format can be specified, with $item indicating the element, e.g. multiple="Option: $item" first element
separator=", " Separator between multiple selections. Only relevant if multiple is specified "\n" (new line)
  • Example: %URLPARAM{"skin"}% returns print for a .../view/TWiki/VarURLPARAM?skin=print URL
  • ALERT! Notes:
Changed:
<
<
    • IMPORTANT: There is a risk that this variable could be misused for cross-site scripting (XSS).
    • URL parameters passed into HTML form fields must be entity ENCODEd.
      Example: <input type="text" name="address" value="%URLPARAM{ "address" encode="entity" }%" />
>
>
    • IMPORTANT: There is a risk that this variable can be misused for cross-site scripting (XSS) if the encoding is turned off. The encode="safe" is the default, it provides a safe middle ground. The encode="entity" is more aggressive, but some TWiki applications might not work.
    • URL parameters passed into HTML form fields must be entity ENCODEd.
      Example: <input type="text" name="address" value="%URLPARAM{ "address" encode="entity" }%" />
 
    • Double quotes in URL parameters must be escaped when passed into other TWiki variables.
      Example: %SEARCH{ "%URLPARAM{ "search" encode="quotes" }%" noheader="on" }%
    • When used in a template topic, this variable will be expanded when the template is used to create a new topic. See TWikiTemplates#TemplateTopicsVars for details.
    • Watch out for TWiki internal parameters, such as rev, skin, template, topic, web; they have a special meaning in TWiki. Common parameters and view script specific parameters are documented at TWikiScripts.
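Review bot: With the Default column changed from "no encoding" to encode="safe", the encode="url" and encode="quote" rows need to say that selecting them replaces the safe encoding rather than adding to it. The quote row states that it "does not change other characters", so it leaves "<" and ">" intact; add that it gives no cross-site scripting protection. The retained form-field bullet also still says values "must be entity ENCODEd" without saying whether the new default is sufficient there.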

Revision 5 - 01 Dec 2008 - TWikiContributor

Line: 1 to 1
 
META TOPICPARENT name="TWikiVariables"

URLPARAM{"name"} -- get value of a URL parameter

Line: 16 to 16
 
separator=", " Separator between multiple selections. Only relevant if multiple is specified "\n" (new line)
  • Example: %URLPARAM{"skin"}% returns print for a .../view/TWiki/VarURLPARAM?skin=print URL
  • ALERT! Notes:
Changed:
<
<
    • URL parameters passed into HTML form fields must be entity ENCODEd.
>
>
    • IMPORTANT: There is a risk that this variable could be misused for cross-site scripting (XSS).
    • URL parameters passed into HTML form fields must be entity ENCODEd.
      Example: <input type="text" name="address" value="%URLPARAM{ "address" encode="entity" }%" />
 
    • Double quotes in URL parameters must be escaped when passed into other TWiki variables.
      Example: %SEARCH{ "%URLPARAM{ "search" encode="quotes" }%" noheader="on" }%
    • When used in a template topic, this variable will be expanded when the template is used to create a new topic. See TWikiTemplates#TemplateTopicsVars for details.
    • Watch out for TWiki internal parameters, such as rev, skin, template, topic, web; they have a special meaning in TWiki. Common parameters and view script specific parameters are documented at TWikiScripts.
    • If you have %URLPARAM{ in the value of a URL parameter, it will be modified to %<nop>URLPARAM{. This is to prevent an infinite loop during expansion.
Deleted:
<
<
    • There is a risk that this variable could be misused for cross-site scripting.
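Review bot: The new IMPORTANT bullet states that there is an XSS risk but gives the reader nothing to act on. Fold it into the bullet that follows, so the warning names the remedy the page already documents (encode="entity" for values placed in HTML form fields) instead of leaving the risk and the requirement as two unrelated notes.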
 

Revision 4 - 13 May 2008 - TWikiContributor

Line: 1 to 1
 
META TOPICPARENT name="TWikiVariables"

URLPARAM{"name"} -- get value of a URL parameter

Line: 15 to 15
 
multiple="on"
multiple="[[$item]]"
If set, gets all selected elements of a <select multiple="multiple"> tag. A format can be specified, with $item indicating the element, e.g. multiple="Option: $item" first element
separator=", " Separator between multiple selections. Only relevant if multiple is specified "\n" (new line)
  • Example: %URLPARAM{"skin"}% returns print for a .../view/TWiki/VarURLPARAM?skin=print URL
Changed:
<
<
  • ALERT! Note: URL parameters passed into HTML form fields must be entity ENCODEd.
  • ALERT! Note: Double quotes in URL parameters must be escaped when passed into other TWiki variables.
    Example: %SEARCH{ "%URLPARAM{ "search" encode="quotes" }%" noheader="on" }%
  • ALERT! Note: When used in a template topic, this variable will be expanded when the template is used to create a new topic. See TWikiTemplates#TemplateTopicsVars for details.
  • ALERT! Note: There is a risk that this variable could be misused for cross-site scripting.
>
>
  • ALERT! Notes:
    • URL parameters passed into HTML form fields must be entity ENCODEd.
    • Double quotes in URL parameters must be escaped when passed into other TWiki variables.
      Example: %SEARCH{ "%URLPARAM{ "search" encode="quotes" }%" noheader="on" }%
    • When used in a template topic, this variable will be expanded when the template is used to create a new topic. See TWikiTemplates#TemplateTopicsVars for details.
    • Watch out for TWiki internal parameters, such as rev, skin, template, topic, web; they have a special meaning in TWiki. Common parameters and view script specific parameters are documented at TWikiScripts.
    • If you have %URLPARAM{ in the value of a URL parameter, it will be modified to %<nop>URLPARAM{. This is to prevent an infinite loop during expansion.
    • There is a risk that this variable could be misused for cross-site scripting.
 
Deleted:
<
<
Note If you have %URLPARAM{ in the value of a URL parameter, it will be modified to %<nop>URLPARAM{. This is to prevent an infinite loop during expansion.
 \ No newline at end of file

Revision 3 - 03 Jan 2007 - TWikiContributor

Line: 1 to 1
 
META TOPICPARENT name="TWikiVariables"
Deleted:
<
<
 

URLPARAM{"name"} -- get value of a URL parameter

  • Returns the value of a URL parameter.
  • Syntax: %URLPARAM{"name"}%
Line: 10 to 9
 
"name" The name of a URL parameter required
default="..." Default value in case parameter is empty or missing empty string
newline="<br />" Convert newlines in textarea to other delimiters no conversion
Changed:
<
<
encode="entity" Encode special characters into HTML entities. See ENCODE for more details. no encoding
>
>
encode="entity" Encode special characters into HTML entities. See ENCODE for more details. no encoding
 
encode="url" Encode special characters for URL parameter use, like a double quote into %22 no encoding
encode="quote" Escape double quotes with backslashes (\"), does not change other characters; required when feeding URL parameters into other TWiki variables no encoding
multiple="on"
multiple="[[$item]]"
If set, gets all selected elements of a <select multiple="multiple"> tag. A format can be specified, with $item indicating the element, e.g. multiple="Option: $item" first element
separator=", " Separator between multiple selections. Only relevant if multiple is specified "\n" (new line)
  • Example: %URLPARAM{"skin"}% returns print for a .../view/TWiki/VarURLPARAM?skin=print URL
Changed:
<
<
  • ALERT! Note: URL parameters passed into HTML form fields must be entity ENCODEd.
>
>
  • ALERT! Note: URL parameters passed into HTML form fields must be entity ENCODEd.
 
  • ALERT! Note: Double quotes in URL parameters must be escaped when passed into other TWiki variables.
    Example: %SEARCH{ "%URLPARAM{ "search" encode="quotes" }%" noheader="on" }%
  • ALERT! Note: When used in a template topic, this variable will be expanded when the template is used to create a new topic. See TWikiTemplates#TemplateTopicsVars for details.
  • ALERT! Note: There is a risk that this variable could be misused for cross-site scripting.
Changed:
<
<
>
>

Note If you have %URLPARAM{ in the value of a URL parameter, it will be modified to %<nop>URLPARAM{. This is to prevent an infinite loop during expansion.

 \ No newline at end of file

Revision 2 - 03 Jan 2007 - TWikiContributor

Line: 1 to 1
 
META TOPICPARENT name="TWikiVariables"
Line: 12 to 12
 
newline="<br />" Convert newlines in textarea to other delimiters no conversion
encode="entity" Encode special characters into HTML entities. See ENCODE for more details. no encoding
encode="url" Encode special characters for URL parameter use, like a double quote into %22 no encoding
Added:
>
>
encode="quote" Escape double quotes with backslashes (\"), does not change other characters; required when feeding URL parameters into other TWiki variables no encoding
 
multiple="on"
multiple="[[$item]]"
If set, gets all selected elements of a <select multiple="multiple"> tag. A format can be specified, with $item indicating the element, e.g. multiple="Option: $item" first element
separator=", " Separator between multiple selections. Only relevant if multiple is specified "\n" (new line)
  • Example: %URLPARAM{"skin"}% returns print for a .../view/TWiki/VarURLPARAM?skin=print URL
Changed:
<
<
  • ALERT! Note: URL parameters passed into HTML form fields must be entity ENCODEd
>
>
  • ALERT! Note: URL parameters passed into HTML form fields must be entity ENCODEd.
  • ALERT! Note: Double quotes in URL parameters must be escaped when passed into other TWiki variables.
    Example: %SEARCH{ "%URLPARAM{ "search" encode="quotes" }%" noheader="on" }%
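Review bot: The added table row documents the value as encode="quote", but the added example uses encode="quotes". Use one spelling in both places, or state in the row that both are accepted; as written a reader cannot tell which one the example depends on.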
 

Revision 1 - 27 Mar 2005 - TWikiContributor

Line: 1 to 1
Added:
>
>
META TOPICPARENT name="TWikiVariables"

URLPARAM{"name"} -- get value of a URL parameter

  • Returns the value of a URL parameter.
  • Syntax: %URLPARAM{"name"}%
  • Supported parameters:
    Parameter: Description: Default:
    "name" The name of a URL parameter required
    default="..." Default value in case parameter is empty or missing empty string
    newline="<br />" Convert newlines in textarea to other delimiters no conversion
    encode="entity" Encode special characters into HTML entities. See ENCODE for more details. no encoding
    encode="url" Encode special characters for URL parameter use, like a double quote into %22 no encoding
    multiple="on"
    multiple="[[$item]]"
    If set, gets all selected elements of a <select multiple="multiple"> tag. A format can be specified, with $item indicating the element, e.g. multiple="Option: $item" first element
    separator=", " Separator between multiple selections. Only relevant if multiple is specified "\n" (new line)
  • Example: %URLPARAM{"skin"}% returns print for a .../view/TWiki/VarURLPARAM?skin=print URL
  • ALERT! Note: URL parameters passed into HTML form fields must be entity ENCODEd
  • ALERT! Note: When used in a template topic, this variable will be expanded when the template is used to create a new topic. See TWikiTemplates#TemplateTopicsVars for details.
  • ALERT! Note: There is a risk that this variable could be misused for cross-site scripting.
  • Related: ENCODE, SEARCH, FormattedSearch, QUERYSTRING
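Review bot: The table gives "no encoding" as the default for encode, so the Syntax and Example lines show a form that returns the URL parameter unmodified, while the cross-site scripting warning is the last note and names no remedy. Move that note up next to the Syntax line and say which encode setting to use when the value is rendered in the page; the form-field note already points at entity encoding and the two can be combined.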
Note: Please contribute updates to this topic on TWiki.org at TWiki:TWiki.VarURLPARAM.