UseMod can be configured to allow/deny the use of HTML at two levels.
1. The option $HtmlTags controls whether to allow tags defined by two arrays:
- @HtmlSingle? defines the tags which are then allowed if seen singly
- @HtmlPairs defines the tags that are only allowed in <tag> xxx </tag> pairs
- Any of the "singles" will also be allowed in a "pair"
- These arrays ignored when $HtmlTags = 0
2. The option $RawHtml (I think) allows unrestricted HTML.(please correct me if I am wrong...)
Wiki Health Warning
- The $RawHtml option is very dangerous in a wiki that is editable by the unknown Internet user. Any hostile person (and there are such sad specimens around) can drop any Javascript code onto a page, and for anyone loading a page with Javascript enabled they will not know what has happened till after the code has run.
- My advice would be to keep this option only for use on a readonly site where you trust all the people with edit/admin status.(Do you ever really trust people)?
Note**** I have been experimenting with getting javascript to run within a page (<script type="text/javascript" src="http://www.furl.net/jsLatest.jsp?id=??????"></script>) and enabling RawHTML does work, but adding script to the list of tags in those defined in @HtmlPairs and enabling $HtmlTags does not seem to work.