NOTE: This is a DistributionDocument. Please help maintain high quality documentation: This is a wiki, please fix the documentation if you find errors or incomplete content. Put questions and suggestions concerning the documentation of this topic in the comments section below. Use the Support web for problems you are having using TWiki.

ENCODE{"string"} -- encodes a string to HTML entities

• Encode "special" characters to HTML numeric entities. Encoded characters are:
  • all non-printable ASCII characters below space, except newline ("\n") and linefeed ("\r")
  • HTML special characters "<", ">", "&", single quote (') and double quote (")
  • TWiki special characters "%", "[", "]", "@", "_", "*", "=" and "|"
• Syntax: %ENCODE{"string"}%
• Supported parameters:

• Example: %ENCODE{"spaced name"}% expands to spaced%20name
• Notes:
  • Values of HTML input fields must be entity encoded.
    Example: <input type="text" name="address" value="%ENCODE{ "any text" type="entity" }%" />
  • Double quotes in strings must be escaped when passed into other TWiki variables.
    Example: %SEARCH{ "%ENCODE{ "string with "quotes"" type="quotes" }%" noheader="on" }%
  • Use type="entity" or type="safe" to protect user input from URL parameters and external sources against cross-site scripting (XSS). type="entity" is more aggressive, but some TWiki applications might not work. type="safe" provides a safe middle ground.

• Related: URLPARAM

Comments & Questions about this Distribution Document Topic

I've a very simple patch that ads a new type, newlines, that transforms \r into HTML BR. Is this something interesting to be submited?

-- JoseVenceslau - 08 Oct 2008

Yes, please create a FeatureRequest.

-- PeterThoeny - 08 Oct 2008

Done, in VarENCODETransformNewlineIntoHTML

-- JoseVenceslau - 09 Oct 2008