The HTML whitelist is inside the function removeHTMLtags in the file Parser.php.
-- Zigger
On 5/19/05, NSK wrote:
DefaultSettings.php from MediaWiki 1.3.9:
# Allow limited user-specified HTML in wiki pages?
# It will be run through a whitelist for security.
# Set this to false if you want wiki pages to consist only of wiki
# markup. Note that replacements do not yet exist for all HTML
# constructs.
$wgUserHtml = true;
Where is this whitelist?
...