Difference: VarENCODE (1 vs. 6)

ENCODE{"string"} -- encodes a string to HTML entities

• Encode "special" characters to HTML numeric entities. Encoded characters are:
  • all non-printable ASCII characters below space, except newline ("\n") and linefeed ("\r")
  • HTML special characters "<", ">", "&", single quote (') and double quote (")
  • TWiki special characters "%", "[", "]", "@", "_", "*", "=" and "|"
• Syntax: %ENCODE{"string"}%
• Supported parameters:

  Parameter:	Description:	Default:
  "string"	String to encode	required (can be empty)
  type="url"	Encode special characters for URL parameter use, like a double quote into %22	(this is the default)
  type="quotes"	Escape double quotes with backslashes (\"), does not change other characters. This type does not protect against cross-site scripting.	type="url"
  type="moderate"	Encode special characters into HTML entities for moderate cross-site scripting protection: "<", ">", single quote (') and double quote (") are encoded. Useful to allow TWiki variables in comment boxes.	type="url"
  type="safe"	Encode special characters into HTML entities for cross-site scripting protection: "<", ">", "%", single quote (') and double quote (") are encoded.	type="url"

• Example: %ENCODE{"spaced name"}% expands to spaced%20name
• Notes:

• • Double quotes in strings must be escaped when passed into other TWiki variables.
    Example: %SEARCH{ "%ENCODE{ "string with "quotes"" type="quotes" }%" noheader="on" }%
  • Use type="moderate", type="safe" or type="entity" to protect user input from URL parameters and external sources against cross-site scripting (XSS). type="entity" is the safest mode, but some TWiki applications might not work. type="safe" provides a safe middle ground, type="moderate" provides only moderate cross-site scripting protection.

ENCODE{"string"} -- encodes a string to HTML entities

• Encode "special" characters to HTML numeric entities. Encoded characters are:
  • all non-printable ASCII characters below space, except newline ("\n") and linefeed ("\r")
  • HTML special characters "<", ">", "&", single quote (') and double quote (")
  • TWiki special characters "%", "[", "]", "@", "_", "*", "=" and "|"
• Syntax: %ENCODE{"string"}%
• Supported parameters:

  Parameter:	Description:	Default:
  "string"	String to encode	required (can be empty)

• Example: %ENCODE{"spaced name"}% expands to spaced%20name
• Notes:
  • Values of HTML input fields must be entity encoded.
    Example: <input type="text" name="address" value="%ENCODE{ "any text" type="entity" }%" />
  • Double quotes in strings must be escaped when passed into other TWiki variables.
    Example: %SEARCH{ "%ENCODE{ "string with "quotes"" type="quotes" }%" noheader="on" }%

• Related: URLPARAM

ENCODE{"string"} -- encodes a string to HTML entities

• Encode "special" characters to HTML numeric entities. Encoded characters are:
  • all non-printable ASCII characters below space, except newline ("\n") and linefeed ("\r")
  • HTML special characters "<", ">", "&", single quote (') and double quote (")
  • TWiki special characters "%", "[", "]", "@", "_", "*", "=" and "|"
• Syntax: %ENCODE{"string"}%
• Supported parameters:

  Parameter:	Description:	Default:
  "string"	String to encode	required (can be empty)

• Example: %ENCODE{"spaced name"}% expands to spaced%20name

• Related: URLPARAM

ENCODE{"string"} -- encodes a string to HTML entities

• Encode "special" characters to HTML numeric entities. Encoded characters are:
  • all non-printable ASCII characters below space, except newline ("\n") and linefeed ("\r")
  • HTML special characters "<", ">", "&", single quote (') and double quote (")
  • TWiki special characters "%", "[", "]", "@", "_", "*", "=" and "|"
• Syntax: %ENCODE{"string"}%
• Supported parameters:

  Parameter:	Description:	Default:
  "string"	String to encode	required (can be empty)
  type="entity"	Encode special characters into HTML entities, like a double quote into ". Does not encode \n or \r.	type="url"
  type="html"	As type="entity" except it also encodes \n and \r	type="url"

• Example: %ENCODE{"spaced name"}% expands to spaced%20name
• Note: Values of HTML input fields must be entity encoded.
  Example: <input type="text" name="address" value="%ENCODE{ "any text" type="entity" }%" />
• Note: Double quotes in strings must be escaped when passed into other TWiki variables.
  Example: %SEARCH{ "%ENCODE{ "string with "quotes"" type="quotes" }%" noheader="on" }%

ENCODE{"string"} -- encodes a string to HTML entities

• Encode "special" characters to HTML numeric entities. Encoded characters are:
  • all non-printable ASCII characters below space, except newline ("\n") and linefeed ("\r")
  • HTML special characters "<", ">", "&", single quote (') and double quote (")
  • TWiki special characters "%", "[", "]", "@", "_", "*", "=" and "|"
• Syntax: %ENCODE{"string"}%
• Supported parameters:

  Parameter:	Description:	Default:
  "string"	String to encode	required (can be empty)

• Example: %ENCODE{"spaced name"}% expands to spaced%20name

• Related: URLPARAM

ENCODE{"string"} -- encodes a string to HTML entities

• Encode "special" characters to HTML numeric entities. Encoded characters are:
  • all non-printable ASCII characters below space, except newline ("\n") and linefeed ("\r")
  • HTML special characters "<", ">", "&", single quote (') and double quote (")
  • TWiki special characters "%", "[", "]", "@", "_", "*", "=" and "|"
• Syntax: %ENCODE{"string"}%
• Supported parameters:

  Parameter:	Description:	Default: <-- -->
  type="url"	Encode special characters for URL parameter use, like a double quote into %22	(this is the default)
  "string"	String to encode	required (can be empty)
  type="entity"	Encode special characters into HTML entities, like a double quote into &#034;	URL encoding

• Example: %ENCODE{"spaced name"}% expands to spaced%20name
• Note: Values of HTML input fields must be entity encoded, for example:
  <input type="text" name="address" value="%ENCODE{ "any text" type="entity" }%" />
• Related: URLPARAM