QUERYPARAMS -- show parameters to the query

Expands the parameters to the query that was used to display the page.

Parameters

Parameter:	Description:	Default:
`format`	Format string for each entry	`$name=$value`
`separator`	Separator string	`$n` (newline)
`encoding`	Control how special characters are encoded. If this parameter is not given, `safe` encoding is performed which HTML entity encodes the characters `'"<>%`. `entity` - Encode special characters into HTML entities, like a double quote into `"`. Does not encode `\n` or `\r`. `safe` - Encode characters `'"<>%` into HTML entities. (this is the default) `html` - As `type="entity"` except it also encodes `\n` and `\r` `quotes` - Escape double quotes with backslashes (`\"`), does not change other characters `url` - Encode special characters for URL parameter use, like a double quote into `%22`	`safe`

The following tokens are expanded in the format string:

Token	Expands To
`$name`	Name of the parameter
`$value`	String value of the parameter. Multi-valued parameters will have a "row" for each value.

In addition the standard FormatTokens are also expanded.

Examples

   %QUERYPARAMS{
     format="<input type='hidden' name='$name' value='$value' encoding="entity" />"
   }%

Security warning!

Using QUERYPARAMS can easily be misused for cross-site scripting unless specific characters are entity encoded. By default QUERYPARAMS encodes the characters '"<>% into HTML entities (same as encoding="safe") which is relatively safe. The safest is to use encoding="entity". When passing QUERYPARAMS inside another macro always use double quotes ("") combined with using QUERYPARAMS with encoding="quote". For maximum security against cross-site scripting you are advised to install the Foswiki:Extensions.SafeWikiPlugin.

QUERYSTRING, URLPARAM

Topic revision: r1 - 20 Sep 2024, UnknownUser

System

QUERYPARAMS -- show parameters to the query

Parameters

Examples

Related