ENTITY{string} -- encode a string to HTML entities

  • Encode "special" characters to HTML entities. Useful to encode text properly for HTML input fields.
  • Encoded characters:
    • all non-printable ASCII characters below space, including newline ("\n") and linefeed ("\r")
    • Space
    • HTML special characters "<", ">", "&", single quote (') and double quote (")
    • TWiki special characters "%", "[", "]", "@", "_", "*", "=" and "|"
  • Syntax: %ENTITY{string}%
  • Example: %ENTITY{text with "quotes" and
    newline}%
    expands to text&#32;with&#32;&#34;quotes&#34;&#32;and&#10;newline
  • Notes:
    • To protect against cross-site scripting (XSS), always entity encode text intended for HTML input fields. This is especially true if text is received dynamically via URLPARAM or the like.
      Example: <input type="text" name="address" value="%ENTITY{any text}%" />
    • %ENTITY{string}% is roughly equivalent to %ENCODE{ "string" type="html" }%, but the latter cannot handle strings that have double quotes embedded in it.
  • Category: DevelopmentVariables, FormattingAndRenderingVariables, ExportAndPublishingVariables
  • Related: ENCODE, FORMFIELD, QUERYPARAMS, URLPARAM
r1 - 12 Nov 2012 - 08:21:52 - TWikiContributor
 
Linux & Open Source related information for AT91 Smart ARM Microcontrollers

Copyright © by the contributing authors. All material on this collaboration platform is the property of the contributing authors.

Linux® is the registered trademark of Linus Torvalds in the U.S. and other countries.

Atmel® and others, are registered trademarks or trademarks of Atmel Corporation or its subsidiaries. This site is powered by the TWiki collaboration platform

ARM® and others are registered trademarks or trademarks of ARM Ltd. Other terms and product names may be trademarks of others.

Ideas, requests, contributions ? Connect to LinksToCommunities page.

Syndicate this siteRSS ATOM