Warning: The code or configuration described here poses a major security risk. Site administrators: You are advised against using it until this security issue is resolved. Problem: The html tag check can be bypassed by obfuscating the html tag, leading to a false sense of security. See https://github.com/Wikimedica/mediawiki-extensions-SaferHTMLTag/issues/5

MediaWiki extensions manual

SaferHTMLTag Release status: stableCategory:Stable extensions
Implementation	Tag Category:Tag extensions, User rights Category:User rights extensions
Description	Allows only sysops and certain user groups to edit pages containing the ‎<html> tag.
Author(s)	Antoine Mercier-Linteau (Tinsstalk)
Latest version	0.4 (2024-02-19)
Compatibility policy	Master maintains backward compatibility.Category:Extensions with master compatibility policy
MediaWiki	1.35+Category:Extensions with manual MediaWiki version
License	GNU General Public License 2.0 or later
Download	GitHub: project page git repository URL [help ] commit history Note: No localisation updates are provided by translatewiki.net . Category:Extensions in GitHub version control README
Added rights edit-html Category:Extensions which add rights
Hooks used EditPage::showEditForm:initial Category:EditPage::showEditForm:initial extensions TitleGetEditNotices Category:TitleGetEditNotices extensions EditFilterMergedContent Category:EditFilterMergedContent extensions getUserPermissionsErrors Category:GetUserPermissionsErrors extensions

The SaferHTMLTag extension prevents edition of pages that contain the ‎<html> tag by unauthorized users and groups.

Installation

• Download, extract and place the file(s) in a directory called SaferHTMLTag in your extensions/ folder.
• Add the following code at the bottom of your LocalSettings.php file:

  wfLoadExtension( 'SaferHTMLTag' );
  

• Done – Navigate to Special:Version on your wiki to verify that the extension is successfully installed.

Enabling for a group

To enable for a group (eg: sysops), add the following to you LocalSettings.php file:

$wgGroupPermissions['sysop']['edit-html'] = true; // Enable in-wiki HTML editing for sysops.

See also

• Extension:Secure_HTML - Lets you include arbitrary HTML in an authorized and secure way.