Manual:$wgRawHtml

Details
Allow raw, unchecked HTML in <html>...</html> sections.

Some HTML tags are permitted in wikitext, even with $wgRawHtml=false. See meta:Help:HTML in wikitext. The vast majority of fancy formatting seen on Wikimedia sites is achieved using these limited tags (e.g. tables with CSS style tags). If you can make do with these limitations (leave $wgRawHtml=false), your wiki will be more secure.

Related Extensions
There are a number of extensions which promise to allow more HTML flexibility, while improving the security situation. Some require setting $wgRawHtml=true in conjunction with using the extension, while others offer an alternative.


 * Extension:Secure HTML - adds 'Secret key' protection for html sections.
 * Extension:AddHTML - allows HTML on protected pages only
 * Extension:SecureHTML - allows HTML on protected pages only + namespace controls
 * Extension:HTMLets - allows pre-defined HTML snippets with $wgRawHtml=false
 * Extension:RawMsg - allows HTML as stored in MediaWiki namespace only

Another way to get custom HTML appearing within your wiki articles is to develop your own tag extension. Do not be tempted to develop an extension which allows arbitrary HTML; otherwise the same serious security issues apply as with setting $wgRawHtml=true.
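
A tag extension of the kind described above, as an added example that is not part of the original manual page or of any listed extension. The tag name `videoembed`, the function name `renderVideoEmbed` and the host `video.example.org` are hypothetical; the point is that the editor supplies only validated parameters, never markup.

```php
<?php
// LocalSettings.php fragment (added example; names and host are hypothetical).
$wgRawHtml = false; // <html> sections stay disabled

// Register <videoembed id="..." width="..." /> when the parser is first set up.
$wgHooks['ParserFirstCallInit'][] = static function ( Parser $parser ) {
	$parser->setHook( 'videoembed', 'renderVideoEmbed' );
	return true;
};

/**
 * Render the tag. $input (text between the tags) is deliberately ignored,
 * so nothing an editor types is ever echoed into the page as markup.
 */
function renderVideoEmbed( $input, array $args, Parser $parser, PPFrame $frame ) {
	// Allow-list the identifier: a short token, no slashes, quotes or dots.
	$id = $args['id'] ?? '';
	if ( !preg_match( '/^[A-Za-z0-9_-]{1,32}$/D', $id ) ) {
		// Fixed error text; the rejected value is not reflected back.
		return Html::element( 'strong', [ 'class' => 'error' ],
			'videoembed: invalid id' );
	}

	// Numeric parameter: cast to int and clamp to a sane range.
	$width = max( 160, min( 1280, (int)( $args['width'] ?? 480 ) ) );
	$height = (int)round( $width * 9 / 16 );

	// The element name, attribute names and URL prefix are fixed in code.
	// Html::element() escapes every attribute value it is given.
	return Html::element( 'iframe', [
		'src' => 'https://video.example.org/embed/' . $id,
		'width' => (string)$width,
		'height' => (string)$height,
		'sandbox' => 'allow-scripts allow-same-origin',
	] );
}
```

An extension that returned `$input` or an attribute value unescaped would reintroduce the same exposure as $wgRawHtml=true.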