The feature of allowing users to enter arbitrary HTML code adds the risk of cross-site scripting (XSS) attacks, and that is precisely why virtually all wikis don't allow arbitrary HTML. The defense used is "twiki is for corporate use, not commercial" (make that "not the public internet"), which is incredibly weak, but a valid defense to a very limited extent.
The feature of allowing arbitrary HTML does have benefits. For many twiki users, it is one of the primary reasons for choosing twiki in the first place.
"I was a bit afraid that disabling all html would force us to invent tons of ugly twiki constructs to replace html. That's the trend I have seen on twiki with no html" (Colas on IRC)
However, this doesn't mean the risk doesn't exist. What it does mean is that some careful thinking needs to take place about how to lessen the risk without losing the benefits of HTML: for example, accepting only an allow-list of tags and attributes rather than either all HTML or none.
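As an added illustration (not twiki's own code), one shape such a compromise can take: an allow-list sanitizer that keeps the tags people actually want from raw HTML (tables, lists, links, images) while dropping scripts, event-handler attributes and non-http URLs. The tag and attribute lists are assumptions chosen for the example; a real deployment would tune them to its users.

```python
import re
from html import escape
from html.parser import HTMLParser
# Constructed allow-list: enough for tables, lists, links and images (the
# formatting authors want from raw HTML), but no script/style/iframe/form.
ALLOWED_TAGS = {"b", "i", "em", "strong", "p", "br", "ul", "ol", "li", "table",
                "tr", "td", "th", "pre", "code", "a", "img"}
ALLOWED_ATTRS = {"a": {"href", "title"}, "img": {"src", "alt"}}
SAFE_SCHEMES = ("http:", "https:", "mailto:")

def safe_url(value):
    """Accept relative URLs and a few schemes; reject javascript:, data:, ..."""
    v = re.sub(r"[\x00-\x20]", "", value).lower()  # browsers ignore these chars
    if not re.match(r"[a-z][a-z0-9+.-]*:", v):
        return True  # no scheme at all: a relative link
    return v.startswith(SAFE_SCHEMES)

class WikiSanitizer(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out = []
        self.skip = 0  # >0 while inside <script>/<style>; their text is dropped
    def handle_starttag(self, tag, attrs):
        if tag in ("script", "style"):
            self.skip += 1
            return
        if self.skip or tag not in ALLOWED_TAGS:
            return  # tag dropped, but its text content is still emitted escaped
        kept = []
        for name, value in attrs:
            if name not in ALLOWED_ATTRS.get(tag, ()):
                continue  # drops onclick=, onerror=, style=, ...
            if name in ("href", "src") and not safe_url(value or ""):
                continue
            kept.append(' %s="%s"' % (name, escape(value or "", quote=True)))
        self.out.append("<%s%s>" % (tag, "".join(kept)))
    handle_startendtag = handle_starttag  # <br/> handled like <br>
    def handle_endtag(self, tag):
        if tag in ("script", "style"):
            self.skip = max(0, self.skip - 1)
        elif not self.skip and tag in ALLOWED_TAGS:
            self.out.append("</%s>" % tag)
    def handle_data(self, data):  # comments and declarations are discarded
        if not self.skip:
            self.out.append(escape(data, quote=False))

def sanitize_html(fragment):
    p = WikiSanitizer()
    p.feed(fragment)
    p.close()  # flushes text buffered by convert_charrefs
    return "".join(p.out)
```

Text inside dropped tags survives (only the markup is removed), so a page that used an unlisted tag degrades to plain text instead of disappearing.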
There are many topics on twiki.org on this issue. Those who know, please reference them here. Better yet, if you have the time, refactor them.