Allowing unsafe HTML in articles

Article author
Stan Jobs

By default, Help Center quarantines unsafe HTML tags and attributes in articles to reduce the risk of somebody introducing malicious code. Unsafe HTML is not stripped from the articles on the server but simply not included in the HTTP responses sent to browsers. As a result, articles might not render as intended in browsers.

You can override the default setting to allow all the article HTML to be sent to a browser.

Making this change will allow potentially malicious code to be executed when users open an article in a browser.

To allow unsafe HTML in HTTP responses

  1. In Guide, click the Settings icon (Settings icon) in the sidebar.
  2. Under Security, select the Display Unsafe Content option.
  3. Click Update.

Safe tags

The following list contains tags that are considered safe:

strong, em, b, i, p, code, pre, tt, samp, kbd, var, sub, sup, dfn, cite,
big, small, address, hr, br, id, div, span, h1, h2, h3, h4, h5, h6,
ul, ol, li, dl, dt, dd, abbr, acronym, a, img, blockquote,
del, ins, u, table, thead, tbody, tfoot, tr, th, td, colgroup

Even if Help Center doesn’t strip safe tags, the third-party HTML article editor used in Help Center (TinyMCE) may strip some safe tags from the HTML. For example, the editor removes <i> tags with no content, such as those used for Font Awesome icons.

Safe attributes

The following list contains attributes that are considered safe:

href, src, width, height, alt, cite, datetime, title, class, name,
xml:lang, abbr, target, border

Everything else is considered unsafe.

Share this:

Was this article helpful?

Comments

0 comments

Be the first to write a comment.