Configuration Setting: htmlok
Defines if embedding HTML using the <html> tags is allowed. This may break the layout and XHTML compliance if wrong HTML is inserted.
This option and mechanism has been removed from the 2023 “Jack Jackrum” release. Replacement possible via the HTMLok plugin.
The following is only applicable until release “Igor”:
You should never enable this option, unless:
- you are the only user with write permissions
- you know exactly what you're doing
This is a big security risk when used on a freely accessible site because it enables anyone to embed arbitrary JavaScript in your wiki pages. This can be used to steal cookie and gain unauthorized privileged access to your wiki, leading to possibly escalated privileges which may allow to take over your server, steal personal information etc.
- Type: Boolean
- Default:
0
Security Warning: Changing this option could present a security risk.