Location via proxy:   [ UP ]  
[Report a bug]   [Manage cookies]                
Jump to content

HTML restriction

From mediawiki.org

MediaWiki restricts the use of HTML by default. Only some HTML elements and attributes are allowed. Raw-HTML sections, surrounded by the "html" tag, can be enabled with the configuration parameter $wgRawHtml . The code is available at includes/parser/Sanitizer.php.

Wikimedia websites (see complete list here) do not allow full use of HTML. A request to allow full use of HTML was rejected in 2005.

There are several extensions that allow for the inclusion of raw HTML. Here are the extensions that appear to be safe:

Extension Status Description
Extension:HTMLets unmaintained allows pre-defined HTML snippets with $wgRawHtml = false;
Extension:HTML Tags stable allows for adding HTML from a set of tags and attributes defined in the wiki's settings
Extension:Secure HTML unmaintained adds 'Secret key' protection for html sections
Extension:SaferHTMLTag stable, has known security vulnerability prevents editing of pages that contain the ‎‎<html> tag by unauthorized users and groups
Extension:HTMLPurifier beta allows users to input raw HTML by using HTML Purifier to sanitize it
Extension:Widgets stable allows for defining HTML- and JavaScript-based "widgets", with optional parameters