QUERYPARAMS -- show parameters to the query
Expands the parameters to the query that was used to display the page.
Parameters
Parameter: |
Description: |
Default: |
format |
Format string for each entry |
$name=$value |
separator |
Separator string |
$n (newline) |
encoding |
Control how special characters are encoded. If this parameter is not given, safe encoding is performed which HTML entity encodes the characters '"<>% . entity - Encode special characters into HTML entities, like a double quote into " . Does not encode \n or \r . safe - Encode characters '"<>% into HTML entities. (this is the default) html - As type="entity" except it also encodes \n and \r quotes - Escape double quotes with backslashes (\" ), does not change other characters url - Encode special characters for URL parameter use, like a double quote into %22 |
safe |
The following tokens are expanded in the
format
string:
Token |
Expands To |
$name |
Name of the parameter |
$value |
String value of the parameter. Multi-valued parameters will have a "row" for each value. |
In addition the standard
FormatTokens are also expanded.
Examples
%QUERYPARAMS{
format="<input type='hidden' name='$name' value='$value' encoding="entity" />"
}%
Security warning!
Using QUERYPARAMS can easily be misused for cross-site scripting unless specific characters are entity encoded. By default QUERYPARAMS encodes the characters
'"<>%
into HTML entities (same as encoding="safe") which is relatively safe. The safest is to use encoding="entity". When passing QUERYPARAMS inside another macro always use double quotes ("") combined with using QUERYPARAMS with encoding="quote". For maximum security against cross-site scripting you are advised to install the Foswiki:Extensions.SafeWikiPlugin.
QUERYSTRING,
URLPARAM