[[template id=plugin name=htmlscrubber core=1 author="[[Joey]]"]]
-[[tag type/html type/core]]
+[[tag type/html]]
This plugin is enabled by default. It sanitizes the html on pages it renders
to avoid XSS attacks and the like.
content as anything else on the web, I cannot guarantee that it will
actually protect every user of every browser from every browser security
hole, badly designed feature, etc. I can provide NO WARRANTY, like it says
-in ikiwiki's [GPL](GPL) license.
+in ikiwiki's [[GPL]] license.
The web's security model is *fundamentally broken*; ikiwiki's html
sanitisation is only a patch on the underlying gaping hole that is your web
browser.
+Note that enabling or disabling the htmlscrubber plugin also affects some other
+HTML-related functionality, such as whether [[meta]] allows potentially unsafe
+HTML tags.
+
----
Some examples of embedded javascript that won't be let through when this