|  | 
| META TOPICPARENT | name="TWikiVariables" |   URLPARAM{"name"} -- get value of a URL parameter  | 
|  |  | 
|
| < <
 |      
     
     | default="..." | Default value in case parameter is empty or missing | empty string |  | 
|  |      
     
     | newline="$br" | Convert newlines in textarea to other delimiters. Variables $br (for <br /> tag), $n (for newline) are expanded. Other text is encoded based on encode parameter. | no conversion |  
     | encode="off" | Turn off encoding. See important security note below | encode="safe" |  
     | encode="quote" | Escape double quotes with backslashes (\"), does not change other characters; required when feeding URL parameters into other TWiki variables. This encoding does not protect against cross-site scripting. | encode="safe" |  
     | encode="moderate" | Encode special characters into HTML entities for moderate cross-site scripting protection: "<", ">", single quote (') and double quote (") are encoded. Useful to allow TWiki variables in comment boxes. | encode="safe" |  
     | encode="safe" | Encode special characters into HTML entities for cross-site scripting protection: "<", ">", "%", single quote (') and double quote (") are encoded. | (this is the default) |  | 
|
| < <
 |      
     
     | encode="entity" | Encode special characters into HTML entities. See ENCODE for more details. | encode="safe" |  
     | encode="html" | As encode="entity"except it also encodes newline (\n) and linefeed (\r) | encode="safe" |  | 
| > >
 |      
     
     | encode="entity" | Encode special characters into HTML entities. See ENCODE for details. | encode="safe" |  
     | encode="html" | Encode special characters into HTML entities. In addition to encode="entity", it also encodes space, newline (\n) and linefeed (\r). Useful to encode text properly in HTML input fields. | encode="safe" |  | 
|  |      
     
     | encode="url" | Encode special characters for URL parameter use, like a double quote into %22 | encode="safe" |  
     | multiple="on"
 multiple="[[$item]]" | If set, gets all selected elements of a <select multiple="multiple"> tag. A format can be specified, with $item indicating the element, e.g. multiple="Option: $item" | first element |  
     | separator=", " | Separator between multiple selections. Only relevant if multiple is specified | "\n" (newline) |  | 
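Review bot: In the new encode="html" row, "linefeed (\r)" is mislabeled: \r is the carriage return and \n is the linefeed, and the wording was carried over unchanged from the removed row. Suggest "newline (\n) and carriage return (\r)". The new row also repeats "Encode special characters into HTML entities" and then says "In addition to encode="entity"", so stating once that html is entity plus space, \n and \r would be shorter and harder to misread.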
|
| > >
 |      
     
     | format="..." | Format the result. $valueexpands to the URL parameter. If multiple is specified,$valueexpands to the result of the concatenated items. | "$value" |  
     | default="..." | Default value in case parameter is empty or missing. The format parameter is not applied. | empty string |  | 
|  | 
 Example: %URLPARAM{"skin"}% returns print for a .../view/TWiki/VarURLPARAM?skin=print URL  Notes: 
 IMPORTANT: There is a risk that this variable can be misused for cross-site scripting (XSS) if the encoding is turned off. The encode="safe" is the default; it provides a safe middle ground. The encode="entity" is more aggressive, but some TWiki applications might not work. | 
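Review bot: The new format="..." row does not say whether the encode setting is applied to $value before substitution or to the whole formatted string, and the reworded default="..." row says format is not applied but is silent on whether encode still applies to the default. Both matter for the XSS note on this page, because literal markup written in format or default would pass through unencoded in one reading and be encoded in the other. Suggest one sentence in each row stating the order of operations.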
|
| < <
 | 
 
 
 URL parameters passed into HTML form fields must be entity ENCODEd.Example:
 <input type="text" name="address" value="%URLPARAM{ "address" encode="entity" }%" /> | 
| > >
 | 
 
 
 URL parameters passed into HTML form fields should be encoded as "html".Example:
 <input type="text" name="address" value="%URLPARAM{ "address" encode="html" }%" /> | 
|  | 
 
 
 Double quotes in URL parameters must be escaped when passed into other TWiki variables. Example:
 %SEARCH{ "%URLPARAM{ "search" encode="quotes" }%" noheader="on" }%
 When used in a template topic, this variable will be expanded when the template is used to create a new topic. See TWikiTemplates#TemplateTopicsVars for details.
 Watch out for TWiki internal parameters, such as rev, skin, template, topic, web; they have a special meaning in TWiki. Common parameters and view script specific parameters are documented at TWikiScripts. |
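Review bot: The form-field note is weakened from "must be entity ENCODEd" to "should be encoded as "html"", which reads as optional. The example on the next line puts the parameter inside a double-quoted value attribute, where an unencoded double quote ends the attribute, so keep "must" and change only the encoding name, e.g. "must be encoded as "html"".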
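The encode modes off, quote, moderate and safe from the table above, modelled as an added example (not TWiki's own code) to show which characters each mode leaves intact. It assumes encoded characters are emitted as numeric HTML entities; `urlparam`, `survives`, `report` and the sample string are hypothetical names and constructed data.

```python
# Added illustration of the encode modes as the table describes them.
# Assumption: encoded characters become numeric HTML entities (&#NN;).

SAFE_CHARS = "<>%'\""      # encode="safe": < > % ' "
MODERATE_CHARS = "<>'\""   # encode="moderate": < > ' "  (% is left alone)


def _entities(value, chars):
    """Replace every character listed in chars with its numeric entity."""
    return "".join(f"&#{ord(c)};" if c in chars else c for c in value)


def urlparam(value, encode="safe"):
    """Hypothetical stand-in for %URLPARAM{"name" encode="..."}% on one value."""
    if encode == "off":
        return value
    if encode == "quote":
        return value.replace('"', '\\"')   # backslash-escape only
    if encode == "moderate":
        return _entities(value, MODERATE_CHARS)
    if encode == "safe":
        return _entities(value, SAFE_CHARS)
    raise ValueError(f"mode not modelled here: {encode}")


def survives(value, encode):
    """Report what is still live in the output after encoding."""
    out = urlparam(value, encode)
    return {
        "markup": any(c in out for c in "<>'\""),  # raw HTML metacharacters
        "variable": "%" in out,                    # raw % lets %VARIABLES% expand
    }


# Constructed sample: harmless markup plus a TWiki variable reference.
SAMPLE = '"><i>probe</i> %WIKINAME%'


def report(value=SAMPLE):
    return {m: survives(value, m) for m in ("off", "quote", "moderate", "safe")}


if __name__ == "__main__":
    for mode, result in report().items():
        print(f"{mode:9} {urlparam(SAMPLE, mode)!r:70} {result}")
```

Only safe neutralizes both columns; moderate deliberately leaves `%` intact, which is what allows TWiki variables in comment boxes.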