URLPARAM -- get URL or HTTP POST parameter value
Returns the value of the named parameter in the URL or HTTP POST request.Parameters
| Parameter: | Description: | Default: |
|---|---|---|
"name" |
The name of a URL parameter | required |
default |
Default value, used if the parameter is not present | "" |
newline |
Convert newlines in textarea to other delimiters | |
encode |
Control how special characters are encoded "off" - No encoding. Avoid using this when possible. See the security warning below. "entity" - Encode special characters into HTML entities. See ENCODE for more details. "safe" - Encode characters '"<>% into HTML entities. "url" - Encode special characters for URL parameter use, like a double quote into %22 "quote" - Escape double quotes with backslashes (\"), does not change other characters; required when feeding URL parameters into other macros.You can combine several encodings together, and they will be applied in the order you specify e.g. encode="safe, quote" |
safe |
multiple |
If set, gets all selected elements of a <select multiple="multiple"> tag. Can be set to a format string, with $item indicating the element, e.g. multiple="Option: $item" (also supports the standard FormatTokens) |
first element |
separator |
Separator between multiple selections. Only relevant if multiple is specified | $n (new line) |
Examples
%URLPARAM{"skin"}% returns print for a .../view/System/VarURLPARAM?skin=print URL
URL parameters passed into HTML form fields must be entity encoded.
Double quotes in URL parameters must be escaped when passed into other macros.Example:
%SEARCH{ "%URLPARAM{ "search" encode="safe, quote" }%" noheader="on" }%
Reverse the encoding when used in SEARCH.Example:
%SEARCH{ "%URLPARAM{ "search" encode="safe, quote"}%" decode="safe" noheader="on" }%. (It is not necessary to reverse quote encoding, otherwise decode= options should be specified in the reverse order from the encode= options.)
When used in a template topic, this macro will be expanded when the template is used to create a new topic. See TemplateTopics for details.
Watch out for internal parameters, such as rev, skin, template, topic, web; they have a special meaning in Foswiki. Common parameters and view script specific parameters are documented at CommandAndCGIScripts.
If you have %URLPARAM{ in the value of a URL parameter, it will be modified to %<nop>URLPARAM{. This is to prevent an infinite loop during expansion.
Security warning! Using URLPARAM can easily be misused for cross-site scripting unless specific characters are entity encoded. By default URLPARAM encodes the characters '"<>% into HTML entities (same as encode="safe") which is relatively safe. The safest is to use encode="entity". When passing URLPARAM inside another macro always use double quotes ("") combined with using URLPARAM with encode="quote". For maximum security against cross-site scripting you are adviced to install the Foswiki:Extensions.SafeWikiPlugin.
Related
ENCODE, SEARCH, FormattedSearch, QUERYSTRING
Copyright © by the contributing authors. All material on this site is the property of the contributing authors. Ideas, requests, problems regarding AustLII Communities? Send feedback
This website is using cookies. More info.
That's Fine