Returns the value of the named parameter in the URL or HTTP POST request.
URL parameters passed into HTML form fields must be entity encoded.
Double quotes in URL parameters must be escaped when passed into other macros.
Example:
%SEARCH{ "%URLPARAM{ "search" encode="safe, quote" }%" noheader="on" }%
Reverse the encoding when used in SEARCH.
Example:
%SEARCH{ "%URLPARAM{ "search" encode="safe, quote"}%" decode="safe" noheader="on" }%
(It is not necessary to reverse quote encoding; otherwise, decode= options should be specified in the reverse order from the encode= options.)
When used in a template topic, this macro will be expanded when the template is used to create a new topic. See TemplateTopics#TemplateTopicsVars for details.
Watch out for internal parameters, such as rev, skin, template, topic, web; they have a special meaning in Foswiki. Common parameters and view script specific parameters are documented at CommandAndCGIScripts.
If you have %URLPARAM{ in the value of a URL parameter, it will be modified to %<nop>URLPARAM{. This is to prevent an infinite loop during expansion.
Security warning! URLPARAM can easily be misused for cross-site scripting unless specific characters are entity encoded. By default URLPARAM encodes the characters '"<>% into HTML entities (same as encode="safe"), which is relatively safe. The safest is to use encode="entity". When passing URLPARAM inside another macro, always use double quotes ("") combined with using URLPARAM with encode="quote". For maximum security against cross-site scripting you are advised to install the Foswiki:Extensions.SafeWikiPlugin.
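The following Python model is an added example, not Foswiki's own code. It illustrates the note on escaping double quotes for other macros and the security warning above by showing what SEARCH receives as its search string under different encode= settings. It assumes that "safe" produces numeric entities, that "quote" escapes with a backslash, and that encode="none" stands for a value inserted without encoding; the sample value and the simplified argument parser are constructed for illustration.

```python
import re

SAFE_CHARS = "'\"<>%"  # characters the page lists for the default encode="safe"

def encode_safe(value):
    # Assumption: each listed character becomes a numeric HTML entity.
    return "".join(f"&#{ord(c)};" if c in SAFE_CHARS else c for c in value)

def decode_safe(value):
    # Model of decode="safe": undo encode_safe for the same five characters.
    for c in SAFE_CHARS:
        value = value.replace(f"&#{ord(c)};", c)
    return value

def encode_quote(value):
    # Assumption: encode="quote" escapes a double quote with a backslash.
    return value.replace('"', '\\"')

ENCODERS = {"safe": encode_safe, "quote": encode_quote, "none": lambda v: v}

def urlparam(value, encode="safe"):
    # Apply the comma-separated encode= options from left to right.
    for name in encode.split(","):
        value = ENCODERS[name.strip()](value)
    return value

def default_param(macro_text):
    # Simplified macro parser: first double-quoted argument, with \" unescaped.
    m = re.search(r'\{\s*"((?:\\.|[^"\\])*)"', macro_text)
    return m.group(1).replace('\\"', '"') if m else None

# Constructed value of the "search" URL parameter; it contains double quotes.
SAMPLE = 'wiki" noheader="off'

def search_macro(encode):
    # The SEARCH call after URLPARAM has been expanded with the given encoding.
    return '%SEARCH{ "' + urlparam(SAMPLE, encode) + '" noheader="on" }%'

if __name__ == "__main__":
    for enc in ("none", "quote", "safe, quote"):
        print(f"{enc:12} {search_macro(enc)}")
        print(f"{'':12} search string seen by SEARCH: {default_param(search_macro(enc))!r}")
```

Without encoding, the quoted search argument ends at the first double quote in the value and the rest is read as further macro parameters; with "quote" or "safe, quote" the whole value stays inside the search string.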