
List of escaped HTML tags

For increased security, potentially harmful HTML tags are escaped in all GETs against the v3 API.

For example, the string:

<a href="mailto:someone@yoursite.com">Email Us</a>

will be returned in the GET response as:

&lt;a href=&quot;mailto:someone@yoursite.com&quot;&gt;Email Us&lt;/a&gt;

The HTML tags listed below are all escaped by default in the v3 API.

Commons

"b", "i", "font", "s", "u", "o", "sup", "sub", "ins", "del", "strong", "strike", "tt", "code", "big", "small", "br", "span", "em", "mark", "kbd", "samp", "var"

Blocks

"p", "div", "h1", "h2", "h3", "h4", "h5", "h6", "ul", "ol", "li", "blockquote"

"a"

Images

"img", "map", "area", "picture"

Videos

"video", "source"

Table

"table", "tr", "td", "th", "colgroup", "caption", "col", "thead", "tbody", "tfoot"

Pre

"pre"

Font

"font"

Meter

"meter"

IFrame

"iframe"

Script

"script", "noscript"

CSS

"style", "link"

Form

"form", "input", "select", "textarea", "label", "fieldset", "legend"

Quotes

"q", "abbr", "address", "cite", "bdo"

Others

"html", "body", "head", "base", "title", "meta", "doctype", "button", "hr", "xss"
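
The escaping shown in the example at the top of this page can be modeled as below, which is useful for predicting what a GET will return or for checking that a response contains no raw listed tag. This is an added example, not the API's own code: the function names are hypothetical, and it assumes escaping is applied per tag and that tags not on the list pass through unchanged.

```python
import html
import re

# Tag names copied from this page's list.
ESCAPED_TAGS = set("""
b i font s u o sup sub ins del strong strike tt code big small br span em mark kbd samp var
p div h1 h2 h3 h4 h5 h6 ul ol li blockquote a
img map area picture video source
table tr td th colgroup caption col thead tbody tfoot
pre meter iframe script noscript style link
form input select textarea label fieldset legend
q abbr address cite bdo
html body head base title meta doctype button hr xss
""".split())

# Opening, closing or "<!" tag; group 1 is the tag name.
# A regex is a model of the behaviour, not an HTML parser or a sanitizer.
TAG_RE = re.compile(r"<[/!]?([A-Za-z][A-Za-z0-9]*)[^<>]*>")


def escape_listed_tags(text):
    """Entity-encode every tag whose name is on the list (assumed model)."""
    def repl(match):
        if match.group(1).lower() in ESCAPED_TAGS:
            return html.escape(match.group(0), quote=True)
        return match.group(0)  # assumption: unlisted tags are left as-is
    return TAG_RE.sub(repl, text)


def is_fully_escaped(value):
    """True if the value contains no raw tag from the list."""
    return escape_listed_tags(value) == value


if __name__ == "__main__":
    sample = '<a href="mailto:someone@yoursite.com">Email Us</a>'
    print(escape_listed_tags(sample))
```
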
