Parameter: |
Description: |
Default: |
"name" |
The name of a URL parameter |
required |
newline="$br" |
Convert newlines in textarea to other delimiters. Variables $br (for <br /> tag), $n (for newline) are expanded. Other text is encoded based on encode parameter. |
no conversion |
encode="off" |
Turn off encoding. See important security note below |
encode="safe" |
encode="quote" |
Escape double quotes with backslashes (\" ), does not change other characters; required when feeding URL parameters into other TWiki variables. This encoding does not protect against cross-site scripting. |
encode="safe" |
encode="moderate" |
Encode special characters into HTML entities for moderate cross-site scripting protection: "<" , ">" , single quote (' ) and double quote (" ) are encoded. Useful to allow TWiki variables in comment boxes. |
encode="safe" |
encode="safe" |
Encode special characters into HTML entities for cross-site scripting protection: "<" , ">" , "%" , single quote (' ) and double quote (" ) are encoded. |
(this is the default) |
encode="entity" |
Encode special characters into HTML entities. See ENCODE for details. |
encode="safe" |
encode="html" |
Encode special characters into HTML entities. In addition to encode="entity" , it also encodes space, newline (\n ) and linefeed (\r ). Useful to encode text properly in HTML input fields. |
encode="safe" |
encode="url" |
Encode special characters for URL parameter use, like a double quote into %22 |
encode="safe" |
multiple="on" multiple="[[$item]]" |
If set, gets all selected elements of a <select multiple="multiple"> tag. A format can be specified, with $item indicating the element, e.g. multiple="Option: $item" |
first element |
separator=", " |
Separator between multiple selections. Only relevant if multiple is specified |
"\n" (newline) |
format="..." |
Format the result. $value expands to the URL parameter. If multiple is specified, $value expands to the result of the concatenated items. |
"$value" |
default="..." |
Default value in case parameter is empty or missing. The format parameter is not applied. |
empty string |