<td> no encoding </td>
</tr>
<tr>
+ <td><code>encode="quote"</code></td>
+ <td> Escape double quotes with backslashes (<code>\"</code>), does not change other characters; required when feeding URL parameters into other TWiki variables </td>
+ <td> no encoding </td>
+ </tr>
+ <tr>
<td><code>multiple="on"</code> %BR% <code>multiple="[[$item]]"</code></td>
<td> If set, gets all selected elements of a <code><select multiple="multiple"></code> tag. A format can be specified, with <code>$item</code> indicating the element, e.g. <code>multiple="Option: $item"</code></td>
<td> first element </td>
</tr>
</table>
- Example: `%URLPARAM{"skin"}%` returns `print` for a `.../view/%WEB%/%INCLUDINGTOPIC%?skin=print` URL
-- **_%X% Note:_** URL parameters passed into HTML form fields must be entity [[ENCODEd|Main/WebHome#VarENCODE]]
+- **_%X% Note:_** URL parameters passed into HTML form fields must be entity [[ENCODEd|Main/WebHome#VarENCODE]].
+- **_%X% Note:_** Double quotes in URL parameters must be escaped when passed into other TWiki variables.%BR% Example: `%SEARCH{ "%URLPARAM{ "search" encode="quotes" }%" noheader="on" }%`
- **_%X% Note:_** When used in a template topic, this variable will be expanded when the template is used to create a new topic. See [[TWikiTemplates#TemplateTopicsVars]] for details.
- **_%X% Note:_** There is a risk that this variable could be misused for cross-site scripting.
- Related: [[ENCODE|Main/WebHome#VarENCODE]], [[SEARCH|Main/WebHome#VarSEARCH]], [[FormattedSearch]], [[QUERYSTRING|Main/WebHome#VarQUERYSTRING]]
git://git.openafs.org / openafs-wiki.git / blobdiff