HTML tags in text editors and text widgets

You can add HTML tags in the following places:

The HTML Editor allows for advanced styling and supports most HTML tags. Certain tags, however, aren't supported in the HTML Editor, and such tags are automatically ignored when you save the HTML code. The list of unsupported tags depends on the sanitizer enforced by your administrator.

In this topic

Sanitizers

  • Legacy sanitizer: Applies less strict rules to HTML tags compared to the new sanitizer. The legacy sanitizer is enabled and enforced by default.
  • New sanitizer: Applies stricter rules to HTML tags compared to the legacy sanitizer. These stricter rules are for improving platform security.

Both sanitizers remove HTML tags that don't meet certain specifications or violate security rules for allowed tags and attributes. For more information, go to Enforce legacy sanitizer.

Supported HTML tags with legacy sanitizer enabled

The following is a list of all the supported HTML tags with the legacy sanitizer enabled.

  • a
  • b
  • big
  • blockquote
  • br
  • button
  • center
  • cite
  • code
  • col
  • colgroup
  • dd
  • div
  • dl
  • dt
  • em
  • fieldset
  • font
  • form
  • h1
  • h2
  • h3
  • h4
  • h5
  • h6
  • hr
  • i
  • img
  • input
  • label
  • legend
  • li
  • link
  • map
  • no-hyperlink
  • ol
  • option
  • p
  • pre
  • samp
  • select
  • small
  • span
  • strike
  • strong
  • style
  • sub
  • sup
  • table
  • tbody
  • td
  • textarea
  • tfoot
  • th
  • thead
  • tr
  • u
  • ul

Unsupported HTML tags with legacy sanitizer enabled

The following is a list of some of the unsupported HTML tags with the legacy sanitizer enabled.

  • body
  • head
  • html
  • meta
  • script
  • svg
  • title

Supported HTML tags with new sanitizer enabled

The following is a list of all the supported HTML tags with the new sanitizer enabled.

  • a
  • b
  • big
  • blockquote
  • br
  • center
  • code
  • col
  • colgroup
  • div
  • em
  • fieldset
  • font
  • h1
  • h2
  • h3
  • h4
  • h5
  • h6
  • hr
  • i
  • img
  • label
  • legend
  • li
  • ol
  • p
  • pre
  • small
  • span
  • strike
  • strong
  • style
  • table
  • tbody
  • td
  • th
  • thead
  • tr
  • u
  • ul

Unsupported HTML tags with new sanitizer enabled

The following is a list of some of the unsupported HTML tags with the new sanitizer enabled.

  • body
  • button
  • form
  • head
  • html
  • input
  • link
  • meta
  • script
  • select
  • svg
  • textarea
  • title
Tip 
  • The HTML Editor in dashboard text widgets supports iframes. However, this can potentially allow an attacker to run an XSS attack by injecting malicious HTML. To improve security, you can have the following HTML elements automatically removed via the Prevent advanced html features in text dashboard setting in Collibra Console.
    • frame
    • frameset
    • iframe
    • Any event handlers

    For more information, go to Security configuration.

  • The <style> tag affects only elements in the related text editor area, such as the text widget or attribute.