Allowing unsafe HTML in articles

Stan Jobs
Stan Jobs

By default, Help Center quarantines unsafe HTML tags and attributes in articles to reduce the risk of somebody introducing malicious code. Unsafe HTML is not stripped from the articles on the server but simply not included in the HTTP responses sent to browsers. As a result, articles might not render as intended in browsers.

You can override the default setting to allow all the article HTML to be sent to a browser.

Making this change will allow potentially malicious code to be executed when users open an article in a browser.

To allow unsafe HTML in HTTP responses

  1. In Guide, click the Settings icon (Settings icon) in the sidebar.
  2. Under Security, select the Display Unsafe Content option.
  3. Click Update.

Safe tags

The following list contains tags that are considered safe:

strong, em, b, i, p, code, pre, tt, samp, kbd, var, sub, sup, dfn, cite,
big, small, address, hr, br, id, div, span, h1, h2, h3, h4, h5, h6,
ul, ol, li, dl, dt, dd, abbr, acronym, a, img, blockquote,
del, ins, u, table, thead, tbody, tfoot, tr, th, td, colgroup

Even if Help Center doesn’t strip safe tags, the third-party HTML article editor used in Help Center (TinyMCE) may strip some safe tags from the HTML. For example, the editor removes <i> tags with no content, such as those used for Font Awesome icons.

Safe attributes

The following list contains attributes that are considered safe:

href, src, width, height, alt, cite, datetime, title, class, name,
xml:lang, abbr, target, border

Everything else is considered unsafe.

Was this article helpful?



  • Comment author
    Vera Yang

    Glad you found this useful, Jacqui. It is a default setting to protect you but if you're comfortable with the content then that's great.

  • Comment author
    Jacqui Dorsay

    This article was useful because some of our articles weren't rendering properly. It makes sense and works now that we have updated the setting.


Please sign in to leave a comment.