Welcome to Codidact Meta!
Codidact Meta is the meta-discussion site for the Codidact community network and the Codidact software. Whether you have bug reports or feature requests, support questions or rule discussions that touch the whole network – this is the site for you.
What html tags can we use in posts?
So, I finally got around to looking at the second Review Panel draft, and was surprised by the ability to make collapsible sections in posts. From the comments, I wasn't the only one.
Whoa, whoa, whoa, slow down, you can make collapsable sections? Tell me that if posts support any form of HTML coding, that at least CSS and JS are screened so that users can't just arbitrarily execute code on the browser page. — DonielF
@DonielF Yes via
<details>
for everything and within that<summary>
for the title. And no, not everything goes. There is a whitelist. :D — luap42
This is really just me satisfying my own curiosity, but what specifically is allowed on the site? I mean, obviously not script tags or any other security breaking tags, but what about other feature tags like <details>
?
For obvious reasons, we do not allow you to use any tag or attribute you want. All tags, that aren't on a special inclus …
3y ago
I have tried to document all markups allowed in posts in a help page for the EE site. Let me know if you find anything …
4y ago
Thanks to Moshi, we now have some checks in the editor, so you'll now get a message about unsupported elements.
1y ago
3 answers
For obvious reasons, we do not allow you to use any tag or attribute you want. All tags, that aren't on a special inclusion list are stripped from the input.
There are two lists, one for posts and one for comments.
Posts (Question, Answer, Article, IIRC user profiles; so generally everything longer) can contain as tags:
a
p
span
b
i
em
s
strong
hr
-
h1
,h2
,h3
,h4
,h5
,h6
blockquote
img
strike
-
del
,ins
code
pre
br
-
ul
,ol
,li
-
sup
,sub
section
-
details
,summary
-
table
,thead
,tbody
,tr
,th
,td
These tags can furthermore use the following attributes:
id
class
href
title
src
height
width
alt
dir
lang
start
rowspan
colspan
Comments (and possibly some other shorter text types) may contain:
a
b
i
em
strong
strike
del
code
These tags can use the attributes
href
title
This is the current list of available tags. It might, though, change in the future. For example <details>
and <summary>
were only added recently.
The source code with the most recent list can be found here for:
- posts: https://github.com/codidact/qpixel/blob/develop/app/helpers/posts_helper.rb
- comments: https://github.com/codidact/qpixel/blob/develop/app/helpers/comments_helper.rb
I have tried to document all markups allowed in posts in a help page for the EE site. Let me know if you find anything not described there.
Thanks to Moshi, we now have some checks in the editor, so you'll now get a message about unsupported elements.
1 comment thread