Control how special characters are encoded. If this parameter is not given, "safe" encoding is performed which HTML entity encodes the characters '"<>%. entity: Encode special characters into HTML entities, like a double quote into ". Does not encode \n or \r. safe: Encode characters '"<>% into HTML entities. (this is the default) html: As type="entity" except it also encodes \n and \rquotes: Escape double quotes with backslashes (\"), does not change other characters url: Encode special characters for URL parameter use, like a double quote into %22
The following escape sequences are expanded in the format string:
Security warning! Using QUERYPARAMS can easily be misused for cross-site scripting unless specific characters are entity encoded. By default QUERYPARAMS encodes the characters '"<>% into HTML entities (same as encoding="safe") which is relatively safe. The safest is to use encoding="entity". When passing QUERYPARAMS inside another macro always use double quotes ("") combined with using QUERYPARAMS with encoding="quote". For maximum security against cross-site scripting you are adviced to install the Foswiki:Extensions.SafeWikiPlugin.