Ограничения HTML
По умолчанию MediaWiki ограничает использование HTML.
Допускается использование только некоторых HTML-элементов и атрибутов.
Raw-HTML sections, surrounded by the "html" tag, can be enabled with the configuration parameter $wgRawHtml
.
Код доступен в includes/parser/Sanitizer.php.
Wikimedia websites (see complete list here) do not allow full use of HTML. A request to allow full use of HTML was rejected in 2005.
There are several extensions that allow for the inclusion of raw HTML. Here are the extensions that appear to be safe:
Extension | Status | Description |
---|---|---|
Extension:HTMLets | unmaintained | allows pre-defined HTML snippets with $wgRawHtml = false;
|
Extension:HTML Tags | stable | allows for adding HTML from a set of tags and attributes defined in the wiki's settings |
Extension:Secure HTML | unmaintained | adds 'Secret key' protection for html sections |
Extension:SaferHTMLTag | stable, has known security vulnerability | prevents editing of pages that contain the <html> tag by unauthorized users and groups
|
Extension:HTMLPurifier | beta | allows users to input raw HTML by using HTML Purifier to sanitize it |
Extension:Widgets | stable | allows for defining HTML- and JavaScript-based "widgets", with optional parameters |