By default, Help Center quarantines unsafe HTML tags and attributes in articles to reduce the risk of somebody introducing malicious code. Unsafe HTML is not stripped from the articles on the server but simply not included in the HTTP responses sent to browsers. As a result, articles might not render as intended in browsers.
You can override the default setting to allow all the article HTML to be sent to a browser.
Making this change will allow potentially malicious code to be executed when users open an article in a browser.
To allow unsafe HTML in HTTP responses
- In Guide, click the Settings icon () in the sidebar.
- Under Security, select the Display Unsafe Content option.
- Click Update.
The following list contains tags that are considered safe:
strong, em, b, i, p, code, pre, tt, samp, kbd, var, sub, sup, dfn, cite, big, small, address, hr, br, id, div, span, h1, h2, h3, h4, h5, h6, ul, ol, li, dl, dt, dd, abbr, acronym, a, img, blockquote, del, ins, u, table, thead, tbody, tfoot, tr, th, td, colgroup
Even if Help Center doesn’t strip safe tags, the third-party HTML article editor used in Help Center (TinyMCE) may strip some safe tags from the HTML. For example, the editor removes
<i> tags with no content, such as those used for Font Awesome icons.
The following list contains attributes that are considered safe:
href, src, width, height, alt, cite, datetime, title, class, name, xml:lang, abbr, target, border
Everything else is considered unsafe.