Manual:$wgRawHtml
HTML: $wgRawHtml | |
---|---|
Allow raw, unchecked HTML in <html>...</html> sections. |
|
Introduced in version: | 1.3.4 |
Removed in version: | Still in use |
Allowed values: | (boolean) |
Default value: | false |
Other settings: Alphabetical | By function |
Details
[edit]Insert $wgRawHtml = true;
into the file LocalSettings.php in your main MediaWiki directory and the wiki will allow you to insert raw unchecked HTML.
However, you must embed your html within the <html>...</html>
tags so that MediaWiki can differentiate it.
<html>...</html>
tags is handled.MediaWiki version: | ≥ 1.29 |
Since MediaWiki 1.29, the raw HTML tag has no effect in namespace 8 (MediaWiki): phabricator:T156184.
Is enabling raw HTML necessary?
[edit]Some HTML tags are permitted in wikitext, even with $wgRawHtml = false
.
See Help:HTML in wikitext .
The vast majority of fancy formatting seen on Wikimedia sites is achieved using these limited tags (e.g. tables with CSS style tags).
If you can make do with these limitations (leave $wgRawHtml = false
), your wiki will be more secure.
Also note that the "limited" wiki syntax is actually a deliberate design feature of wikis. It is a compact simplified markup which is easily understood even by non-technical users, easily visualised in diff displays, and discourages stylistic tinkering in favor of getting on with writing useful/interesting text.
Related Extensions
[edit]There are a number of extensions which promise to allow more HTML flexibility, while improving the security situation.
Some require setting $wgRawHtml = true
in conjunction with using the extension, while others offer an alternative.
Extension | Status | Description |
---|---|---|
Extension:HTMLets | unmaintained | allows pre-defined HTML snippets with $wgRawHtml = false;
|
Extension:HTML Tags | stable | allows for adding HTML from a set of tags and attributes defined in the wiki's settings |
Extension:Secure HTML | unmaintained | adds 'Secret key' protection for html sections |
Extension:SaferHTMLTag | stable, has known security vulnerability | prevents editing of pages that contain the <html> tag by unauthorized users and groups
|
Extension:HTMLPurifier | beta | allows users to input raw HTML by using HTML Purifier to sanitize it |
Extension:Widgets | stable | allows for defining HTML- and JavaScript-based "widgets", with optional parameters |
Another way get custom HTML appearing within your wiki articles is to develop your own tag extension.
Do not be tempted to develop an extension which allows arbitrary HTML, otherwise the same serious security issues apply as with setting $wgRawHtml = true
.