By default, Help Center quarantines unsafe HTML tags and attributes in articles to reduce the risk of somebody introducing malicious code. Unsafe HTML is not stripped from the articles on the server but simply not included in the HTTP responses sent to browsers. As a result, articles might not render as intended in browsers.
You can override the default setting to allow all the article HTML to be sent to a browser.
Making this change will allow potentially malicious code to be executed when users open an article in a browser.
To allow unsafe HTML in HTTP responses
- In Guide, click the Settings icon (
) in the sidebar. - Under Security, select the Display Unsafe Content option.
- Click Update.
Safe tags
The following list contains tags that are considered safe:
strong, em, b, i, p, code, pre, tt, samp, kbd, var, sub, sup, dfn, cite,
big, small, address, hr, br, id, div, span, h1, h2, h3, h4, h5, h6,
ul, ol, li, dl, dt, dd, abbr, acronym, a, img, blockquote,
del, ins, u, table, thead, tbody, tfoot, tr, th, td, colgroup
Even if Help Center doesn’t strip safe tags, the third-party HTML article editor used in Help Center (TinyMCE) may strip some safe tags from the HTML. For example, the editor removes <i> tags with no content, such as those used for Font Awesome icons.
Safe attributes
The following list contains attributes that are considered safe:
href, src, width, height, alt, cite, datetime, title, class, name,
xml:lang, abbr, target, border
Everything else is considered unsafe.
Comments
2 comments
Glad you found this useful, Jacqui. It is a default setting to protect you but if you're comfortable with the content then that's great.
This article was useful because some of our articles weren't rendering properly. It makes sense and works now that we have updated the setting.
Please sign in to leave a comment.