%META:TOPICINFO{author="ProjectContributor" date="1231502400" format="1.1" version="1"}%
%META:TOPICPARENT{name="Macros"}%
---+++ QUERYPARAMS -- show parameters to the query
* Expands the parameters to the query that was used to display the page.
* Syntax: =%<nop>QUERYPARAMS{...}%=
* Supported parameters:
| *Parameter:* | *Description:* | *Default:* |
| =format="..."= | Format string for each entry | =$name=$value= |
| =separator="..."= | Separator string | =separator="$n"= (newline) |
| =encoding="entity"= <br /> =encoding="safe"= <br /> =encoding="html"= <br /> =encoding="quotes"= <br /> =encoding="url"= | Controls how special characters are encoded. If this parameter is not given, "safe" encoding is performed, which HTML entity encodes the characters ='"<>%=. <hr /> =entity=: Encode special characters into HTML entities, like a double quote into =&#034;=. Does *not* encode =\n= or =\r=. <hr /> =safe=: Encode characters ='"<>%= into HTML entities (this is the default). <hr /> =html=: As =encoding="entity"= except it also encodes =\n= and =\r=. <hr /> =quotes=: Escape double quotes with backslashes (=\"=); does not change other characters. <hr /> =url=: Encode special characters for URL parameter use, like a double quote into =%22=. | =encoding="safe"= |
<ul><li>The following escape sequences are expanded in the format string:
| *Sequence:* | *Expands To:* |
| =$name= | Name of the parameter |
| =$value= | String value of the parameter. Multi-valued parameters will have a "row" for each value. |
%INCLUDE{FormatTokens}%</li></ul>
* Example: =%<nop>QUERYPARAMS{format="<input type='hidden' name='$name' value='$value' />" encoding="entity"}%=
* %X% *Security warning!* %BR% QUERYPARAMS can easily be misused for cross-site scripting unless specific characters are entity encoded. By default QUERYPARAMS encodes the characters ='"<>%= into HTML entities (same as =encoding="safe"=), which is relatively safe. The safest is to use =encoding="entity"=. When passing QUERYPARAMS inside another macro, always use double quotes ("") combined with using QUERYPARAMS with =encoding="quotes"=. For maximum security against cross-site scripting you are advised to install the Foswiki:Extensions.SafeWikiPlugin.
20
* See also [[VarQUERYSTRING][QUERYSTRING]], [[%IF{"'%INCLUDINGTOPIC%'='Macros'" then="#"}%VarURLPARAM][URLPARAM]]
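
The effect of the encodings on the hidden-input format above can be compared with a small model. This is an added example, not Foswiki's own code: the names =encode=, =queryparams=, =SAMPLE= and =FORM= are hypothetical, the query string is constructed, and only =safe=, =quotes= and =url= are modelled because the page does not list the exact character set for =entity=.

```python
import re
from urllib.parse import parse_qsl, quote

SAFE_CHARS = "'\"<>%"  # the set the page lists for encoding="safe"

def encode(value, encoding="safe"):
    """Model of three encodings from the table (assumption: not Foswiki's code)."""
    if encoding == "safe":
        # Numeric entities, zero-padded like the page's &#034; example.
        return "".join("&#%03d;" % ord(c) if c in SAFE_CHARS else c for c in value)
    if encoding == "quotes":
        # Only double quotes are escaped; ', < and > pass through unchanged.
        return value.replace('"', '\\"')
    if encoding == "url":
        return quote(value, safe="")
    raise ValueError("encoding not modelled here: " + encoding)

def queryparams(query, fmt="$name=$value", separator="\n", encoding="safe"):
    """Expand fmt once per value; multi-valued parameters yield one row each."""
    rows = []
    for name, value in parse_qsl(query, keep_blank_values=True):
        fields = {"name": name, "value": value}
        # Single pass, so encoded data is never re-scanned for $name/$value.
        # Assumption: the name is encoded the same way as the value.
        rows.append(re.sub(r"\$(name|value)",
                           lambda m: encode(fields[m.group(1)], encoding), fmt))
    return separator.join(rows)

# Constructed query string: q carries quote and markup characters, tag has two values.
SAMPLE = "q=it%27s+%22%3Cb%3Ex%3C%2Fb%3E%22&tag=a&tag=b"
FORM = "<input type='hidden' name='$name' value='$value' />"

if __name__ == "__main__":
    for mode in ("safe", "quotes", "url"):
        print("encoding=" + mode)
        print(queryparams(SAMPLE, FORM, encoding=mode))
```

In the =quotes= output the single quote and the tag characters arrive unchanged inside the single-quoted attribute, which is why the warning pairs that mode only with passing QUERYPARAMS inside another macro and not with direct HTML output.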