QUERYPARAMS -- show parameters to the query

Expands the parameters to the query that was used to display the page.

Parameters

Parameter: Description: Default:
format Format string for each entry $name=$value
separator Separator string $n (newline)
encoding Control how special characters are encoded. If this parameter is not given, safe encoding is performed which HTML entity encodes the characters '"<>%.
entity - Encode special characters into HTML entities, like a double quote into &#034;. Does not encode \n or \r.
safe - Encode characters '"<>% into HTML entities. (this is the default)
html - As type="entity" except it also encodes \n and \r
quotes - Escape double quotes with backslashes (\"), does not change other characters
url - Encode special characters for URL parameter use, like a double quote into %22
safe
The following tokens are expanded in the format string:
Token Expands To
$name Name of the parameter
$value String value of the parameter. Multi-valued parameters will have a "row" for each value.
In addition the standard FormatTokens are also expanded.

Examples

   %QUERYPARAMS{
     format="<input type='hidden' name='$name' value='$value' encoding="entity" />"
   }%
ALERT! Security warning!

Using QUERYPARAMS can easily be misused for cross-site scripting unless specific characters are entity encoded. By default QUERYPARAMS encodes the characters '"<>% into HTML entities (same as encoding="safe") which is relatively safe. The safest is to use encoding="entity". When passing QUERYPARAMS inside another macro always use double quotes ("") combined with using QUERYPARAMS with encoding="quote". For maximum security against cross-site scripting you are advised to install the Foswiki:Extensions.SafeWikiPlugin.

QUERYSTRING, URLPARAM

This site is powered by FoswikiCopyright © by the contributing authors. All material on this site is the property of the contributing authors.
Ideas, requests, problems regarding AustLII Communities? Send feedback
This website is using cookies. More info. That's Fine