(2009-01-09, ProjectContributor)
#VarENCODE
---+++ ENCODE{"string"} -- encodes a string to HTML entities
   * Encode "special" characters to HTML numeric entities. Encoded characters are:
      * all non-printable ASCII characters below space, except newline (="\n"=) and linefeed (="\r"=)
      * HTML special characters ="<"=, =">"=, ="&"=, single quote (='=) and double quote (="=)
      * TML special characters ="%"=, ="["=, ="]"=, ="@"=, ="_"=, ="*"=, ="="= and ="|"=
   * Syntax: =%<nop>ENCODE{"string"}%=
   * Supported parameters:
     | *Parameter:* | *Description:* | *Default:* |
     | ="string"= | String to encode | required (can be empty) |
     | =type="entity"= <br /> =type="safe"= <br /> =type="html"= <br /> =type="quotes"= <br /> =type="url"= | Control how special characters are encoded <hr /> =entity=: Encode special characters into HTML entities, like a double quote into =&#034;=. Does *not* encode =\n= or =\r=. <hr /> =safe=: Encode characters ='"<>%= into HTML entities. <hr /> =html=: As =type="entity"= except it also encodes =\n= and =\r= <hr /> =quotes=: Escape double quotes with backslashes (=\"=), does not change other characters <hr /> =url=: Encode special characters for URL parameter use, like a double quote into =%22= (this is the default) | =type="url"= |
   * Example: =%<nop>ENCODE{"spaced name"}%= expands to =%ENCODE{"spaced name"}%=
   * %X% Values of HTML input fields must be entity encoded.%BR% Example: =<input type="text" name="address" value="%<nop>ENCODE{ "any text" type="entity" }%" />=
   * %X% Double quotes in strings must be escaped when passed into other macros.%BR% Example: =%<nop>SEARCH{ "%<nop>ENCODE{ "string with "quotes"" type="quotes" }%" noheader="on" }%=
   * %X% ENCODE can be used to filter user input from URL parameters and similar sources to protect against cross-site scripting. The safest approach is to use =type="entity"=. This can, however, prevent an application from fully working. In that case you can use =type="safe"=, which encodes only the characters ='"<>%= into HTML entities (same as encode="safe"). When ENCODE is passing a string inside another macro, always use double quotes ("") and =type="quotes"=. For maximum security against cross-site scripting you are advised to install the Foswiki:Extensions.SafeWikiPlugin.
   * Related: [[%IF{"'%INCLUDINGTOPIC%'='Macros'" then="#"}%VarURLPARAM][URLPARAM]]
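
The five =type= values side by side, as an added Python sketch that is not Foswiki's own code: =encode=, =SAMPLE= and the helper names are hypothetical, the character sets are copied from the lists above, and =urllib.parse.quote= is an assumed stand-in for Foswiki's URL encoder.

```python
from urllib.parse import quote

# Character sets as listed on this page.
HTML_SPECIAL = '<>&\'"'
TML_SPECIAL = '%[]@_*=|'
SAFE_SET = '\'"<>%'


def _entity(ch):
    # Zero-padded to match the page's &#034; example; browsers treat
    # &#34; and &#034; identically.
    return "&#%03d;" % ord(ch)


def _is_control(ch, keep):
    # Non-printable ASCII below space, minus the characters in `keep`.
    return ord(ch) < 0x20 and ch not in keep


def encode(text, kind="url"):
    """Illustrative model of ENCODE's type= parameter (hypothetical helper)."""
    if kind == "quotes":
        # Only double quotes change; <, > and & pass through untouched.
        return text.replace('"', '\\"')
    if kind == "url":
        # Assumption: plain percent-encoding approximates Foswiki's encoder.
        return quote(text, safe="")
    if kind == "safe":
        return "".join(_entity(c) if c in SAFE_SET else c for c in text)
    if kind in ("entity", "html"):
        # html additionally encodes \n and \r; entity leaves them alone.
        keep = "" if kind == "html" else "\n\r"
        special = HTML_SPECIAL + TML_SPECIAL
        return "".join(
            _entity(c) if c in special or _is_control(c, keep) else c
            for c in text
        )
    raise ValueError("unknown type: %r" % kind)


# Constructed sample: a value as it might arrive in a URL parameter.
SAMPLE = '"><i>[[x]]</i> %TOPIC% & a=b\n'

if __name__ == "__main__":
    for kind in ("entity", "safe", "html", "quotes", "url"):
        print("%-7s %r" % (kind, encode(SAMPLE, kind)))
```

In the output, =quotes= leaves =<= and =>= untouched and =safe= leaves =&= and the TML characters other than =%= untouched, so only =entity= and =html= cover the full character list given at the top of this topic.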
Topic revision: r1 - 2009-01-09 - 12:00:00 - ProjectContributor