You are here: Foswiki>System Web>Macros>VarQUERYPARAMS (15 Feb 2011, ProjectContributor)EditAttach
QUERYPARAMS -- show paramaters to the query
- Expands the parameters to the query that was used to display the page.
- Syntax:
%QUERYPARAMS{...}% - Supported parameters:
Parameter: Description: Default: format="..."Format string for each entry $name=$valueseparator="..."Separator string separator="$n"(newline)encoding="entity"
encoding="safe"
encoding="html"
encoding="quotes"
encoding="url"Control how special characters are encoded. If this parameter is not given, "safe" encoding is performed which HTML entity encodes the characters '"<>%.
entity: Encode special characters into HTML entities, like a double quote into". Does not encode\nor\r.
safe: Encode characters'"<>%into HTML entities. (this is the default)
html: Astype="entity"except it also encodes\nand\r
quotes: Escape double quotes with backslashes (\"), does not change other characters
url: Encode special characters for URL parameter use, like a double quote into%22type="safe"
- The following escape sequences are expanded in the format string:
Sequence: Expands To: $nameName of the parameter $valueString value of the parameter. Multi-valued parameters will have a "row" for each value. $nor$n()New line. Use $n()if followed by alphanumeric character, e.g. writeFoo$n()Barinstead ofFoo$nBar
Most macros accept parameter strings which are split over multiple lines. This is usually more readable than using $ntokens. If you are familiar with sectional includes, you might also consider nested sectional includes to hold the newline content outside of the parameter string entirely. Note that newline is not a line break. The browser will wrap the lines together. If you require a line break, displaying the results on two lines, use %BR%. Or use two consecutive newlines to create a TML "Paragraph".$nopor$nop()Is a "no operation". This token gets removed; useful for nested search $quotDouble quote ( ") (\" also works)$percentPercent sign ( %) ($percntalso works)$dollarDollar sign ( $)$ltLess than sign ( <)$gtGreater than sign ( >)$ampAmpersand ( &)$commaComma ( ,)
- Example:
%QUERYPARAMS{ format="<input type='hidden' name='$name' value='$value' encoding="entity" />" }%
Security warning! Using QUERYPARAMS can easily be misused for cross-site scripting unless specific characters are entity encoded. By default QUERYPARAMS encodes the characters
'"<>%into HTML entities (same as encoding="safe") which is relatively safe. The safest is to use encoding="entity". When passing QUERYPARAMS inside another macro always use double quotes ("") combined with using QUERYPARAMS with encoding="quote". For maximum security against cross-site scripting you are adviced to install the Foswiki:Extensions.SafeWikiPlugin.
- See also QUERYSTRING, URLPARAM
Edit | Attach | Print version | History: r1 | Backlinks | View wiki text | Edit wiki text | More topic actions
Topic revision: r1 - 15 Feb 2011, ProjectContributor
- Toolbox
-
Users
-
Groups
-
Index
-
Search
-
Changes
-
Notifications
-
RSS Feed
-
Statistics
-
Preferences
- User Reference
- BeginnersStartHere
- TextFormattingRules
- Macros
- FormattedSearch
- QuerySearch
- DocumentGraphics
- SkinBrowser
- InstalledPlugins
Sandbox |
|
Copyright © by the contributing authors. All material on this site is the property of the contributing authors. Ideas, requests, problems regarding Foswiki? Send feedback