QUERYPARAMS -- show parameters to the query
Expands the parameters to the query that was used to display the page.Parameters
| Parameter: | Description: | Default: |
|---|---|---|
format |
Format string for each entry | $name=$value |
separator |
Separator string | $n (newline) |
encoding |
Control how special characters are encoded. If this parameter is not given, safe encoding is performed which HTML entity encodes the characters '"<>%. entity - Encode special characters into HTML entities, like a double quote into ". Does not encode \n or \r. safe - Encode characters '"<>% into HTML entities. (this is the default) html - As type="entity" except it also encodes \n and \r quotes - Escape double quotes with backslashes (\"), does not change other characters url - Encode special characters for URL parameter use, like a double quote into %22 |
safe |
format string:
| Token | Expands To |
|---|---|
$name |
Name of the parameter |
$value |
String value of the parameter. Multi-valued parameters will have a "row" for each value. |
Examples
%QUERYPARAMS{
format="<input type='hidden' name='$name' value='$value' encoding="entity" />"
}%
Security warning!
Using QUERYPARAMS can easily be misused for cross-site scripting unless specific characters are entity encoded. By default QUERYPARAMS encodes the characters '"<>% into HTML entities (same as encoding="safe") which is relatively safe. The safest is to use encoding="entity". When passing QUERYPARAMS inside another macro always use double quotes ("") combined with using QUERYPARAMS with encoding="quote". For maximum security against cross-site scripting you are advised to install the Foswiki:Extensions.SafeWikiPlugin.Related
QUERYSTRING, URLPARAM
Copyright © by the contributing authors. All material on this site is the property of the contributing authors. Ideas, requests, problems regarding AustLII Communities? Send feedback
This website is using cookies. More info.
That's Fine