URLPARAM -- get URL or HTTP POST parameter value

Returns the value of the named parameter in the URL or HTTP POST request.


| Parameter | Description | Default |
|---|---|---|
| "name" | The name of a URL parameter | required |
| default | Default value, used if the parameter is not present | "" |
| newline | Convert newlines in textarea to other delimiters | |
| encode | Control how special characters are encoded (values listed below) | |
| multiple | If set, gets all selected elements of a <select multiple="multiple"> tag. Can be set to a format string, with $item indicating the element, e.g. multiple="Option: $item" (also supports the standard FormatTokens) | first element |
| separator | Separator between multiple selections. Only relevant if multiple is specified | $n (new line) |

Values for encode:
"off" - No encoding. Avoid using this when possible. See the security warning below.
"entity" - Encode special characters into HTML entities. See ENCODE for more details.
"safe" - Encode characters '"<>% into HTML entities.
"url" - Encode special characters for URL parameter use, like a double quote into %22
"quote" - Escape double quotes with backslashes (\"), does not change other characters; required when feeding URL parameters into other macros.
You can combine several encodings together, and they will be applied in the order you specify e.g. encode="safe, quote"


%URLPARAM{"skin"}% returns print for a .../view/System/VarURLPARAM?skin=print URL

HELP URL parameters passed into HTML form fields must be entity encoded.

HELP Double quotes in URL parameters must be escaped when passed into other macros.
Example: %SEARCH{ "%URLPARAM{ "search" encode="safe, quote" }%" noheader="on" }%

HELP Reverse the encoding when used in SEARCH.
Example: %SEARCH{ "%URLPARAM{ "search" encode="safe, quote"}%" decode="safe" noheader="on" }%
(The quote encoding does not need to be reversed; apart from that, decode= options should be specified in the reverse order of the encode= options.)

HELP When used in a template topic, this macro will be expanded when the template is used to create a new topic. See TemplateTopics for details.

ALERT! Watch out for internal parameters, such as rev, skin, template, topic, web; they have a special meaning in Foswiki. Common parameters and view script specific parameters are documented at CommandAndCGIScripts.

ALERT! If you have %URLPARAM{ in the value of a URL parameter, it will be modified to %<nop>URLPARAM{. This is to prevent an infinite loop during expansion.

ALERT! Security warning! URLPARAM can easily be misused for cross-site scripting unless specific characters are entity encoded. By default, URLPARAM encodes the characters '"<>% into HTML entities (same as encode="safe"), which is relatively safe. The safest option is encode="entity". When passing URLPARAM inside another macro, always enclose it in double quotes ("") and use URLPARAM with encode="quote". For maximum security against cross-site scripting you are advised to install the Foswiki:Extensions.SafeWikiPlugin.
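
The effect of the encode settings named in the security warning and in the macro-nesting notes above, as an added Python model (not Foswiki's own code). It assumes that "safe" emits numeric character references, models only "off", "safe" and "quote", and runs on a constructed parameter value.

```python
import re

# Simplified model of three encode= modes from this page. Assumption: "safe"
# emits numeric character references; "entity" and "url" are not modelled.
def enc_safe(value):
    # The characters ' " < > % become HTML entities.
    return re.sub(r"""['"<>%]""", lambda m: "&#%d;" % ord(m.group()), value)

def enc_quote(value):
    # Only double quotes change: each gets a leading backslash.
    return value.replace('"', '\\"')

MODES = {"off": lambda v: v, "safe": enc_safe, "quote": enc_quote}

def urlparam(params, name, default="", encode="safe"):
    """Model of %URLPARAM{"name" default="..." encode="..."}%."""
    value = params.get(name, default)
    # Encodings run left to right, in the order written in encode="...".
    for mode in (m.strip() for m in encode.split(",")):
        if mode not in MODES:
            raise ValueError("unsupported encode mode: %r" % mode)
        value = MODES[mode](value)
    return value

def has_raw_markup(value):
    # True if the value can still open or close an HTML tag.
    return "<" in value or ">" in value

def has_bare_quote(value):
    # True if a double quote without a preceding backslash survives; that
    # would end a double-quoted macro argument early. (HTML ignores the
    # backslash, so "quote" alone does not protect an HTML attribute.)
    return re.search(r'(?<!\\)"', value) is not None

# Constructed parameter value that tries to leave a quoted context.
REQUEST = {"search": '"><script>alert(1)</script>'}

def audit(encode):
    value = urlparam(REQUEST, "search", encode=encode)
    return value, has_raw_markup(value), has_bare_quote(value)

if __name__ == "__main__":
    for mode in ("off", "quote", "safe", "safe, quote"):
        value, markup, bare = audit(mode)
        print("%-12s markup=%-5s bare_quote=%-5s %s" % (mode, markup, bare, value))
```

In this model "quote" alone keeps the macro argument intact but leaves the markup characters untouched, while "safe" removes both; in "safe, quote" the quote step finds no double quotes left to escape.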

