VarENTITY < TWiki

ENTITY{string} -- encode a string to HTML entities

Encode "special" characters to HTML entities. Useful to encode text properly for HTML input fields.
Encoded characters:
- all non-printable ASCII characters below space, including newline ("\n") and linefeed ("\r")
- Space
- HTML special characters "<", ">", "&", single quote (') and double quote (")
- TWiki special characters "%", "[", "]", "@", "_", "*", "=" and "|"
Syntax: %ENTITY{string}%
Example: %ENTITY{text with "quotes" and newline}% expands to text with "quotes" and
newline
Notes:
- To protect against cross-site scripting (XSS), always entity encode text intended for HTML input fields. This is especially true if text is received dynamically via URLPARAM or the like.
  Example: <input type="text" name="address" value="%ENTITY{any text}%" />
- %ENTITY{string}% is roughly equivalent to %ENCODE{ "string" type="html" }%, but the latter cannot handle strings that have double quotes embedded in it.
Category: DevelopmentVariables, FormattingAndRenderingVariables, ExportAndPublishingVariables
Related: ENCODE, FORMFIELD, QUERYPARAMS, URLPARAM

Revision: r1 - 2012-11-12 - 16:21:52 - TWikiContributor
Parents: WebHome > TWikiVariables

Copyright © 1999-2025 by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Ideas, requests, problems regarding Daya Bay? Send feedback
Note: Please contribute updates to this topic on TWiki.org at TWiki:TWiki.VarENTITY.

	TWiki > TWikiVariables > VarENTITY	Daya Bay webs: Public \| 中文 \| Internal \| *Help*
			Log In or Register