MediaWiki restricts the use of HTML by default.
Only some HTML elements and attributes are allowed.
Raw-HTML sections, surrounded by the "html" tag, can be enabled with the configuration parameter
The code is available at includes/parser/Sanitizer.php.
There are several extensions that allow for the inclusion of raw HTML. Here are the extensions that appear to be safe:
- Extension:HTMLets (unmaintained) – allows pre-defined HTML snippets with
$wgRawHtml = false;
- Extension:HTML Tags (stable) – allows for adding HTML from a set of tags and attributes defined in the wiki's settings
- Extension:Secure HTML (unmaintained) – adds 'Secret key' protection for html sections
- Extension:SaferHTMLTag (beta) – prevents edition of pages that contain the
<html>tag by unauthorized users and groups
- Extension:HTMLPurifier (beta) – allows users to input raw HTML by using HTML Purifier to sanitize it
- Extension:NamespaceHTML (unmaintained, has known security vulnerability) – allows raw HTML in specified namespaces