ENTITY{string} -- encode a string to HTML entities 
 
-  Encode "special" characters to HTML entities. Useful to encode text properly for HTML input fields.
-  Encoded characters: 
   -  all non-printable ASCII characters below space, including newline ("\n") and linefeed ("\r")
   -  Space
   -  HTML special characters "<", ">", "&", single quote (') and double quote (")
   -  TWiki special characters "%", "[", "]", "@", "_", "*", "=" and "|"
 
-  Syntax: %ENTITY{string}%
-  Example: %ENTITY{text with "quotes" and
 newline}%
expands to text with "quotes" and
newline
-  Notes: 
   -  To protect against cross-site scripting (XSS), always entity encode text intended for HTML input fields. This is especially true if text is received dynamically via URLPARAM or the like.
      Example: <input type="text" name="address" value="%ENTITY{any text}%" />
   -  %ENTITY{string}% is roughly equivalent to %ENCODE{ "string" type="html" }%, but the latter cannot handle strings that have double quotes embedded in them.
 
-  Category: DevelopmentVariables, FormattingAndRenderingVariables, ExportAndPublishingVariables
-  Related: ENCODE, FORMFIELD, QUERYPARAMS, URLPARAM
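
The character set listed above, modelled in Python and applied to the input field from the Notes. This is an added example, not TWiki's own code. It assumes the output uses decimal character references of the form &#NN; and the names entity_encode, render_input and SAMPLE are hypothetical.

```python
# Added illustration: a Python model of the character set the ENTITY
# documentation lists. Not TWiki's implementation.
import html

# Characters the page lists as encoded, besides control characters below space.
HTML_SPECIALS = '<>&\'"'
TWIKI_SPECIALS = '%[]@_*=|'
ENCODE_SET = set(' ' + HTML_SPECIALS + TWIKI_SPECIALS)


def entity_encode(text: str) -> str:
    """Encode the listed characters as decimal character references.

    Assumption: the numeric form &#NN; is used for every encoded character.
    """
    out = []
    for ch in text:
        if ord(ch) < 0x20 or ch in ENCODE_SET:
            out.append(f'&#{ord(ch)};')
        else:
            out.append(ch)
    return ''.join(out)


def render_input(name: str, value: str) -> str:
    """Build the input field from the page's example with an encoded value."""
    return f'<input type="text" name="{name}" value="{entity_encode(value)}" />'


# Constructed sample value: quotes, markup characters, a TWiki variable
# reference and a line break, as might arrive through URLPARAM.
SAMPLE = 'Main St "Unit 5" <b> %WIKINAME%\nSpringfield'

if __name__ == '__main__':
    # The value attribute stays closed by its own quotes only, and the
    # percent signs can no longer be read as a TWiki variable.
    print(render_input('address', SAMPLE))
    # A browser decodes the references back to the original text.
    print(html.unescape(entity_encode(SAMPLE)) == SAMPLE)
```

Because the percent signs, brackets and other TWiki characters are encoded along with the HTML ones, the value is displayed as typed and is not interpreted as TWiki markup when the topic is rendered.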
 
 
Topic revision: r1 - 2012-11-12 - TWikiContributor