URLPARAM{"name"} -- get value of a URL parameter
- Returns the value of a URL parameter.
- Syntax:
%URLPARAM{"name"}% - Supported parameters:
Parameter: 
Description: Default: separator=", "Separator between multiple selections. Only relevant if multiple is specified "\n"(newline)newline="$br"Convert newlines in textarea to other delimiters. Variables $br(for<br />tag),$n(for newline) are expanded. Other text is encoded based onencodeparameter.no conversion multiple="on"
multiple="[[$item]]"If set, gets all selected elements of a <select multiple="multiple">tag. A format can be specified, with$itemindicating the element, e.g.multiple="Option: $item"first element format="..."Format the result. $valueexpands to the URL parameter. If multiple is specified,$valueexpands to the result of the concatenated items."$value"encode="url"Encode special characters for URL parameter use, like a double quote into %22encode="safe"encode="safe"Encode special characters into HTML entities for cross-site scripting protection: "<",">","%", single quote (') and double quote (") are encoded.(this is the default) encode="quote"Escape double quotes with backslashes ( \"), does not change other characters; required when feeding URL parameters into other TWiki variables. This encoding does not protect against cross-site scripting.encode="safe"encode="off"Turn off encoding. See important security note below encode="safe"encode="moderate"Encode special characters into HTML entities for moderate cross-site scripting protection: "<",">", single quote (') and double quote (") are encoded. Useful to allow TWiki variables in comment boxes.encode="safe"encode="html"Encode special characters into HTML entities. In addition to encode="entity", it also encodes space, newline (\n) and linefeed (\r). Useful to encode text properly in HTML input fields.encode="safe"encode="entity"Encode special characters into HTML entities. See ENCODE for details. encode="safe"default="..."Default value in case parameter is empty or missing. The format parameter is not applied. empty string "name"The name of a URL parameter required - Example:
%URLPARAM{"skin"}%returnsprintfor a.../view/TWiki/VarURLPARAM?skin=printURL -
Notes: - IMPORTANT: There is a risk that this variable can be misused for cross-site scripting
(XSS) if the encoding is turned off. The encode="safe"is the default, it provides a safe middle ground. Theencode="entity"is more aggressive, but some TWiki applications might not work. - URL parameters passed into HTML form fields should be encoded as
"html".
Example:<input type="text" name="address" value="%URLPARAM{ "address" encode="html" }%" /> - Double quotes in URL parameters must be escaped when passed into other TWiki variables.
Example:%SEARCH{ "%URLPARAM{ "search" encode="quotes" }%" noheader="on" }% - When used in a template topic, this variable will be expanded when the template is used to create a new topic. See TWikiTemplates#TemplateTopicsVars for details.
- Watch out for TWiki internal parameters, such as
rev,skin,template,topic,web; they have a special meaning in TWiki. Common parameters and view script specific parameters are documented at TWikiScripts. - If you have
%URLPARAM{in the value of a URL parameter, it will be modified to%<nop>URLPARAM{. This is to prevent an infinite loop during expansion.
- IMPORTANT: There is a risk that this variable can be misused for cross-site scripting
- Category: DevelopmentVariables, SystemInformationVariables
- Related: ENCODE, ENTITY, SEARCH, FormattedSearch, QUERYSTRING
Topic revision: r9 - 2012-11-15 - TWikiContributor
Site map
Main web
User registration
Users
Groups
Index
Search
Changes
Notifications
RSS Feed
Statistics
Preferences
Copyright © 1999-2025 by the contributing authors. All material on this collaboration platform is the property of the contributing authors. Ideas, requests, problems regarding TWiki? Send feedback
Note: Please contribute updates to this topic on TWiki.org at TWiki:TWiki.VarURLPARAM.