VarQUERYPARAMS (2024-12-23, UnknownUser)
Expands the parameters to the query that was used to display the page.
| Parameter: | Description: | Default: |
|---|---|---|
| format | Format string for each entry | $name=$value |
| separator | Separator string | $n (newline) |
| encoding | Control how special characters are encoded. If this parameter is not given, safe encoding is performed which HTML entity encodes the characters '"<>%.<br />entity - Encode special characters into HTML entities, like a double quote into `&#34;`. Does not encode \n or \r.<br />safe - Encode characters '"<>% into HTML entities. (this is the default)<br />html - As type="entity" except it also encodes \n and \r<br />quotes - Escape double quotes with backslashes (\"), does not change other characters<br />url - Encode special characters for URL parameter use, like a double quote into %22 | safe |
The following tokens are expanded in the format string:
| Token | Expands To |
|---|---|
| $name | Name of the parameter |
| $value | String value of the parameter. Multi-valued parameters will have a "row" for each value. |
In addition the standard format tokens are also expanded.
```
%QUERYPARAMS{
   format="<input type='hidden' name='$name' value='$value' />"
   encoding="entity"
}%
```
Security warning!
Using QUERYPARAMS can easily be misused for cross-site scripting unless specific characters are entity encoded. By default QUERYPARAMS encodes the characters '"<>% into HTML entities (same as encoding="safe") which is relatively safe. The safest is to use encoding="entity". When passing QUERYPARAMS inside another macro always use double quotes ("") combined with using QUERYPARAMS with encoding="quote". For maximum security against cross-site scripting you are advised to install the Foswiki:Extensions.SafeWikiPlugin.
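The following Python model of the encoding modes is an added example, not Foswiki's own code. It expands the hidden-input format from this page and parses the result back to check whether a value containing quotes stays inside its attribute. The `ENTITY_CHARS` set, the numeric entity form, the encoding of `$name`, and the helper names are assumptions.

```python
import re
from html.parser import HTMLParser
from urllib.parse import quote

SAFE_CHARS = "'\"<>%"            # the set the page gives for encoding="safe"
ENTITY_CHARS = SAFE_CHARS + "&"  # assumed: the page does not list the "entity" set

def _entities(text, chars):
    # Numeric character references (form assumed), e.g. '"' becomes &#34;
    return "".join(f"&#{ord(c)};" if c in chars else c for c in text)

def encode(text, encoding="safe"):
    """Model of the encoding modes in the parameter table."""
    if encoding == "safe":
        return _entities(text, SAFE_CHARS)
    if encoding == "entity":
        return _entities(text, ENTITY_CHARS)           # leaves \n and \r alone
    if encoding == "html":
        return _entities(text, ENTITY_CHARS + "\n\r")  # entity plus \n and \r
    if encoding in ("quote", "quotes"):                # the page uses both spellings
        return text.replace('"', '\\"')                # only double quotes change
    if encoding == "url":
        return quote(text, safe="")                    # '"' becomes %22
    raise ValueError(f"unknown encoding: {encoding}")

def expand(params, fmt="$name=$value", separator="\n", encoding="safe"):
    """One row per value; $name and $value are substituted in a single pass."""
    rows = []
    for name, values in params:                        # name encoded too (assumed)
        for value in values:
            enc = {"name": encode(name, encoding), "value": encode(value, encoding)}
            rows.append(re.sub(r"\$(name|value)", lambda m: enc[m.group(1)], fmt))
    return separator.join(rows)

class _Inputs(HTMLParser):
    def __init__(self):
        super().__init__()
        self.values = []
    def handle_starttag(self, tag, attrs):
        if tag == "input":
            self.values.append(dict(attrs).get("value"))

def hidden_value(markup):
    """Value attribute an HTML parser recovers from the first <input>."""
    parser = _Inputs()
    parser.feed(markup)
    parser.close()
    return parser.values[0] if parser.values else None

FMT = "<input type='hidden' name='$name' value='$value' />"  # format from the page
VALUE = "O'Reilly \"<b>\" 100%"                              # constructed sample
```

With `safe` or `entity` the parser recovers the original value from the attribute; with `quotes` the single quote in the value ends the attribute early, which is why that mode is only for passing QUERYPARAMS inside another macro's double-quoted parameter.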
Topic revision: r1 - 2024-12-23, UnknownUser