Warning: The code or configuration described here poses a major security risk.
Site administrators: You are advised against using it until this security issue is resolved.
Problem: The html tag check can be bypassed by obfuscating the html tag, leading to a false sense of security
Release status: beta
|Implementation||Tag, User rights|
|Description||Allows only sysops and certain user groups to edit pages containing the
|Author(s)||Antoine Mercier-Linteau (Tinsstalk)|
|Latest version||0.3b (2021-05-22)|
|Compatibility policy||Master maintains backward compatibility.|
|License||GNU General Public License 2.0 or later|
The SaferHTMLTag extension prevents edition of pages that contain the
<html> tag by unauthorized users and groups.
- Download, extract and place the file(s) in a directory called
- Add the following code at the bottom of your LocalSettings.php file:
wfLoadExtension( 'SaferHTMLTag' );
- Done – Navigate to Special:Version on your wiki to verify that the extension is successfully installed.
To users running MediaWiki 1.24 or earlier:
The instructions above describe the new way of installing this extension using
If you need to install this extension on these earlier versions (MediaWiki 1.24 and earlier), instead of
wfLoadExtension( 'SaferHTMLTag' );, you need to use:
Enabling for a group
To enable for a group (eg: sysops), add the following to you LocalSettings.php file:
$wgGroupPermissions['sysop']['edit-html'] = true; // Enable in-wiki HTML editing for sysops.