The HTML whitelist is inside the function removeHTMLtags in the file Parser.php.
-- Zigger
On 5/19/05, NSK wrote:
DefaultSettings.php from MediaWiki 1.3.9:
# Allow limited user-specified HTML in wiki pages? # It will be run through a whitelist for security. # Set this to false if you want wiki pages to consist only of wiki # markup. Note that replacements do not yet exist for all HTML # constructs. $wgUserHtml = true;
Where is this whitelist? ...