
Question

Advise on how to Protect Text From Interpretation

Consider the following form-based query

queryedit.jpg

Unfortunately, this query results in the following form:

<input type="hidden" name="format" value="| $topic | $formfield(Tool) | $formfield(Total) |"

I tried various ways of escaping the interpretation of the square brackets that apparently break the parsing of the whole line containing them. Any guidance would be greatly appreciated.

Environment

TWiki version: TWikiRelease01Feb2003
TWiki plugins: DefaultPlugin, EmptyPlugin, InterwikiPlugin
Server OS: N/A
Web server: N/A
Perl version: N/A
Client OS: Win2k
Web Browser: IE 6

P.S. Sorry for the poor choice of title. Unfortunately, it is not possible to change the name on this wiki.

-- ThomasWeigert - 01 Jan 2004

Answer

This should work: Escape the link to show the value of
"| [<nop>[$topic]] | $formfield(Tool) | $formfield(Total) |", e.g.:

-- PeterThoeny - 02 Jan 2004

I changed the query above to
"| [<nop>[$topic]] | $formfield(TopicClassification) | $formfield(OperatingSystem) |"

TopicClassification) | $formfield(OperatingSystem) |" />

It turns out that one also has to escape the wiki words in the format. However, the wiki words in the header parameter do not need to be escaped:

Could you please explain the difference in how these are handled?

-- ThomasWeigert - 02 Jan 2004

This is because OperatingSystem in the header is bolded. The autolinking is only done for WikiWords preceded by white space or opening parenthesis.

In the form you need to <nop>EscapeWikiWords one by one, or enclose the whole form in <noautolink> ... </noautolink> tags.

-- PeterThoeny - 02 Jan 2004

Thanks. However, the <noautolink> ... </noautolink> trick does not seem to work for me:

$topic | $formfield(TopicClassification) | $formfield(OperatingSystem) |" />

-- ThomasWeigert - 02 Jan 2004

<noautolink> only escapes WikiWord links as documented; the [[...][...]] links need to be escaped separately (as well as other TWiki rendering like bold etc.)

-- PeterThoeny - 02 Jan 2004

I found another way to create a problem, as can be seen by the query below. As you can see, the insertion of an HTML image reference messes up the rendering again:

]] | $formfield(TopicClassification) | $formfield(OperatingSystem) |" />

-- ThomasWeigert - 31 Jan 2005

Do this:

  • Use noautolink tags to prevent WikiWord linking
  • Entity encode special chars for use in input value parameter, such as %ENCODE{ "text to encode" type="entity" }%
  • No need to use nop tags
  • Double quotes need to be escaped with \"

Note that if you get the value via URLPARAM you can entity encode the value directly: value="%URLPARAM{ "foo" encode="entity" }%"

-- PeterThoeny - 06 Feb 2005
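
The advice above, as an added Python sketch that is not part of the original thread and not TWiki's own code: it entity-encodes a format string for a hidden input's value, confirms the browser-side decode returns the original text, and shows that WikiWords survive encoding, which is why the noautolink tags are still needed. The character set, the sample format, the simplified WikiWord pattern and all function names are assumptions made for illustration.

```python
import re
from html.parser import HTMLParser

# Assumption: characters worth protecting are the HTML attribute metacharacters
# plus those wiki rendering treats as markup (tables, links, variables, bold).
SPECIAL = set('<>&"\'%|[]*_=')

# Constructed sample format: bracket link, form field, and an HTML image reference.
FORMAT = '| [[$topic]] | $formfield(TopicClassification) | <img src="x.gif" /> |'

def entity_encode(text):
    """Replace each special character with a numeric character reference."""
    return "".join(f"&#{ord(c)};" if c in SPECIAL else c for c in text)

def hidden_input(name, value, encode=True):
    """Build the hidden field; encode=False reproduces the broken form."""
    if encode:
        value = entity_encode(value)
    return f'<input type="hidden" name="{name}" value="{value}" />'

class _FirstInput(HTMLParser):
    """Records the first <input>'s attributes, decoded the way a browser decodes them."""
    attrs = None

    def handle_starttag(self, tag, attrs):
        if tag == "input" and self.attrs is None:
            self.attrs = dict(attrs)

def submitted_value(markup):
    """Return the value the browser would send back for the hidden field."""
    parser = _FirstInput()
    parser.feed(markup)
    parser.close()
    return (parser.attrs or {}).get("value")

def autolink_candidates(text):
    """Simplified WikiWord test: CamelCase preceded by whitespace or '('."""
    return re.findall(r"(?:^|[\s(])([A-Z]+[a-z]+[A-Z]+[A-Za-z0-9]*)", text)

if __name__ == "__main__":
    print(hidden_input("format", FORMAT))
    print("round trip ok:", submitted_value(hidden_input("format", FORMAT)) == FORMAT)
    print("unencoded    :", submitted_value(hidden_input("format", FORMAT, encode=False)))
    print("still linked :", autolink_candidates(entity_encode(FORMAT)))
```
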

Note that when using %ENCODE% one cannot apply <nop> to protect linking (see the incorrect result):

However, <noautolink> can be applied at any level, and need not be around the whole form (in case linking within the form is desired, as in WebSearch):

Topic revision: r10 - 2005-02-07 - ThomasWeigert
 