Parameter: | Description: | Default: |
---|---|---|
"name" |
The name of a URL parameter | required |
default |
Default value, used if the parameter is not present | "" |
newline |
Convert newlines in textarea to other delimiters | |
encode |
Control how special characters are encoded "off" - No encoding. Avoid using this when possible. See the security warning below. "entity" - Encode special characters into HTML entities. See ENCODE for more details. "safe" - Encode characters '"<>% into HTML entities. "url" - Encode special characters for URL parameter use, like a double quote into %22 "quote" - Escape double quotes with backslashes (\" ), does not change other characters; required when feeding URL parameters into other macros.You can combine several encodings together, and they will be applied in the order you specify e.g. encode="safe, quote" |
safe |
multiple |
If set, gets all selected elements of a <select multiple="multiple"> tag. Can be set to a format string, with $item indicating the element, e.g. multiple="Option: $item" (also supports the standard format tokens) |
first element |
separator |
Separator between multiple selections. Only relevant if multiple is specified | $n (new line) |
%URLPARAM{"skin"}%
returns print
for a .../view/System/VarURLPARAM?skin=print
URL
%SEARCH{ "%URLPARAM{ "search" encode="safe, quote" }%" noheader="on" }%
Reverse the encoding when used in SEARCH.%SEARCH{ "%URLPARAM{ "search" encode="safe, quote"}%" decode="safe" noheader="on" }%
. (It is not necessary to reverse quote encoding, otherwise decode=
options should be specified in the reverse order from the encode=
options.)
When used in a template topic, this macro will be expanded when the template is used to create a new topic. See Template Topics#Template Topics Vars for details.
Watch out for internal parameters, such as rev
, skin
, template
, topic
, web
; they have a special meaning in Foswiki. Common parameters and view script specific parameters are documented at Command And CGIScripts.
If you have %URLPARAM{
in the value of a URL parameter, it will be modified to %<nop>URLPARAM{
. This is to prevent an infinite loop during expansion.
Security warning! Using URLPARAM can easily be misused for cross-site scripting unless specific characters are entity encoded. By default URLPARAM encodes the characters '"<>%
into HTML entities (same as encode="safe") which is relatively safe. The safest is to use encode="entity". When passing URLPARAM inside another macro always use double quotes ("") combined with using URLPARAM with encode="quote". For maximum security against cross-site scripting you are adviced to install the Foswiki:Extensions.SafeWikiPlugin.