Topic on Skin talk:Citizen

It seems like the Citizen skin enables raw HTML embedding, and "$wgRawHtml = false;" does nothing to disable it, which seems unsafe. Am I missing something during setup to make this more secure?

That does indeed happen when collapsible sections are created. In the meantime you can disable those by setting $wgCitizenEnableCollapsibleSections to false.

Patch at https://github.com/StarCitizenTools/mediawiki-skins-Citizen/pull/333

Merged into master, should be fixed now.