HTML Allowlist for LWS Sanitizer

Here is a list of allowed elements, which are retained in the DOM after sanitization. LWS removes HTML elements that aren’t in this list.

• a, abbr, acronym, address, area, article, aside, audio
• b, bdi, bdo, big, blockquote, body, br, button
• caption, canvas, center, cite, code, col, colgroup, command
• datalist, dd, del, details, dfn, dir, div, dl, dt
• em
• fieldset, figure, figcaption, footer, form
• h1, h2, h3, h4, h5, h6, head, header, hgroup, hr
• i, iframe, img, input, ins
• keygen, kbd
• label, legend, li
• map, mark, menu, meter
• nav
• ol, optgroup, option, output
• p, pre, progress
• q
• rp, rt, ruby
• s, samp, section, select, small, source, span, strike, strong, style, sub, summary, sup
• table, tbody, td, textarea, tfoot, th, thead, time, tr, track, tt
• u, ul
• var, video
• wbr

For example, this code contains a <script> tag, which isn’t allowed.

After sanitization, it becomes: