Appearance
HTML, CSS & JS
You can drop raw HTML and CSS into wikitext — but inside a strict sandbox. There is no JavaScript: pages are data, never code, so a reader is safe no matter who edited the page.
HTML
A fixed set of tags renders; anything else is escaped and shown as literal text rather than executed. Attributes are filtered too — a global set plus per-tag extras, and everything else (including all on* event handlers) is dropped.
- Allowed tags — the complete list, generated from the engine.
- Allowed attributes — global + per-tag.
CSS
Two ways to style, both filtered for dangerous patterns:
Inline
style="…"on an element — quick, local, but nourl(...).Scoped
<style>blocks — full selectors,@media,:hover, andurl(...), automatically scoped to your page.CSS in style blocks — how the two compare and what CSS features work.
What's blocked — the exact scrubbed patterns and at-rules.
JavaScript — not allowed
<script> is never rendered, on* handlers are stripped, and javascript: / vbscript: URLs are blocked. If you need interactivity, that's what engine tags are for.