%META:TOPICINFO{author="TWikiContributor" date="1235369572" format="1.1" version="6"}%
%META:TOPICPARENT{name="TWikiVariables"}%
#VarURLPARAM
---+++ URLPARAM{"name"} -- get value of a URL parameter
   * Returns the value of a URL parameter.
   * Syntax: =%<nop>URLPARAM{"name"}%=
   * Supported parameters:
     | *Parameter:* | *Description:* | *Default:* |
     | ="name"= | The name of a URL parameter | required |
     | =default="..."= | Default value in case parameter is empty or missing | empty string |
     | =newline="&lt;br /&gt;"= | Convert newlines in textarea to other delimiters | no conversion |
     | =encode="off"= | Turn off encoding. See the important security note below. | encode="safe" |
     | =encode="safe"= | Encode special characters into HTML entities to avoid XSS exploits: ="<"=, =">"=, ="%"=, single quote (='=) and double quote (="=) | (this is the default) |
     | =encode="entity"= | Encode special characters into HTML entities. See [[%IF{"'%INCLUDINGTOPIC%'='TWikiVariables'" then="#"}%VarENCODE][ENCODE]] for more details. | encode="safe" |
     | =encode="url"= | Encode special characters for URL parameter use, like a double quote into =%22= | encode="safe" |
     | =encode="quote"= | Escape double quotes with backslashes (=\"=), does not change other characters; required when feeding URL parameters into other TWiki variables | encode="safe" |
     | =multiple="on"= %BR% =multiple="[<nop>[$item]]"= | If set, gets all selected elements of a =&lt;select multiple="multiple"&gt;= tag. A format can be specified, with =$item= indicating the element, e.g. =multiple="Option: $item"= | first element |
     | =separator=", "= | Separator between multiple selections. Only relevant if multiple is specified | ="\n"= (new line) |
   * Example: =%<nop>URLPARAM{"skin"}%= returns =print= for a =.../view/%WEB%/%INCLUDINGTOPIC%?skin=print= URL
   * __%X% Notes:__
      * *IMPORTANT:* There is a risk that this variable can be misused for [[http://en.wikipedia.org/wiki/Cross-site_scripting][cross-site scripting]] (XSS) if the encoding is turned off. The default, =encode="safe"=, provides a safe middle ground. =encode="entity"= is more aggressive, but some TWiki applications might not work with it.
      * URL parameters passed into HTML form fields must be entity [[%IF{"'%INCLUDINGTOPIC%'='TWikiVariables'" then="#"}%VarENCODE][ENCODEd]].%BR% Example: =&lt;input type="text" name="address" value="%<nop>URLPARAM{ "address" encode="entity" }%" /&gt;=
      * Double quotes in URL parameters must be escaped when passed into other TWiki variables.%BR% Example: =%<nop>SEARCH{ "%<nop>URLPARAM{ "search" encode="quote" }%" noheader="on" }%=
      * When used in a template topic, this variable will be expanded when the template is used to create a new topic. See TWikiTemplates#TemplateTopicsVars for details.
      * Watch out for TWiki internal parameters, such as =rev=, =skin=, =template=, =topic=, =web=; they have a special meaning in TWiki. Common parameters and view script specific parameters are documented at TWikiScripts.
      * If you have =%<nop>URLPARAM{= in the value of a URL parameter, it will be modified to =%&lt;nop&gt;URLPARAM{=. This is to prevent an infinite loop during expansion.
   * Related: [[%IF{"'%INCLUDINGTOPIC%'='TWikiVariables'" then="#"}%VarENCODE][ENCODE]], [[%IF{"'%INCLUDINGTOPIC%'='TWikiVariables'" then="#"}%VarSEARCH][SEARCH]], FormattedSearch, [[%IF{"'%INCLUDINGTOPIC%'='TWikiVariables'" then="#"}%VarQUERYSTRING][QUERYSTRING]]
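
The following Python sketch is an added example, not TWiki's own code: it models =encode="off"=, =encode="safe"= and =encode="quote"= as the table describes them and shows what the form-field and SEARCH examples from the notes look like to a parser once a parameter value containing double quotes is substituted. The numeric entity form, the simplified attribute reader, the =_DEFAULT= key and the sample values are assumptions made for the illustration; =encode="entity"= is not modelled because its character set is documented under ENCODE.

```python
from html.parser import HTMLParser
import re

def encode(value, mode="safe"):
    """Model of the encode modes in the table above (not TWiki's Perl code)."""
    if mode == "off":
        return value
    if mode == "safe":   # < > % ' " become entities (numeric form is an assumption)
        return value.translate({ord(c): f"&#{ord(c)};" for c in "<>%'\""})
    if mode == "quote":  # only double quotes change, escaped with a backslash
        return value.replace('"', '\\"')
    raise ValueError(f"mode not modelled here: {mode}")

class FirstTagAttrs(HTMLParser):
    """Records the attributes of the first tag in an HTML fragment."""
    def __init__(self):
        super().__init__()
        self.attrs = None
    def handle_starttag(self, tag, attrs):
        if self.attrs is None:
            self.attrs = dict(attrs)

def form_field_attrs(param_value, mode):
    """Attributes an HTML parser sees in the form-field example from the notes."""
    parser = FirstTagAttrs()
    parser.feed(f'<input type="text" name="address" value="{encode(param_value, mode)}" />')
    parser.close()
    return parser.attrs

# Simplified, hypothetical reader for name="value" pairs inside %VARIABLE{ ... }%.
PARAM = re.compile(r'(?:(\w+)=)?"((?:\\.|[^"\\])*)"')

def variable_params(param_value, mode):
    """Parameters SEARCH would receive once URLPARAM has been expanded."""
    args = f'"{encode(param_value, mode)}" noheader="on"'
    return {name or "_DEFAULT": val.replace('\\"', '"')
            for name, val in PARAM.findall(args)}

# Constructed parameter values, chosen to contain double quotes.
FIELD_VALUE = 'x" data-injected="1'
SEARCH_VALUE = 'notes" web="Sandbox'

if __name__ == "__main__":
    for mode in ("off", "safe"):
        print("form field,", mode, "->", form_field_attrs(FIELD_VALUE, mode))
    for mode in ("off", "quote"):
        print("SEARCH,", mode, "->", variable_params(SEARCH_VALUE, mode))
```

With encoding off, the parameter value ends the quoted string early and contributes an extra attribute or parameter; with the matching encoding, the whole value stays inside the one quoted string and round-trips unchanged.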
