Chapter 11: Advanced Topics
Creating a Sanitize Specification
Problem
You want to permit different HTML tags in your comment and TrackBack ping displays than what is allowed by default.
Solution
Create your own Sanitize specification.
Discussion
The default Sanitize specification does a good job of protecting your weblogs from malicious markup making its way into your layouts. It is generally recommended that you stick with the defaults unless you have good reason and are confident you understand the format of the sanitize specification as described here. Improper specification could result in a breach of your server's security.
The sanitize spec consists of HTML tag names separated by commas, each tag name optionally followed by the attributes permitted on it, separated by spaces. Let's look at a few examples:
a href,b
This spec will permit a tags with the href attribute and b tags. As previously mentioned, you must specify any permitted attributes, such as href, for the a tag. All attributes are stripped by default.
p,br/
This spec allows p and br tags. Note the / appended to the br tag in this example. Because of the tag-closing feature implemented in sanitization, without it the processor would insert an unnecessary and illegal </br> into the markup. Adding the / after the tag name tells the parser that this tag does not need a closing tag.
If you wish to allow a certain attribute for any HTML tag in which it might appear, use a * (asterisk) as the tag name, followed by the list of attributes. For instance:
br/,p,blockquote,* style
This spec will allow any of the following tags.
<br style="..." />
<p style="..." />
<blockquote style="...">
You must still explicitly list any tags that you want included. The asterisk just allows the listed attribute in any of those tags.
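As an added example (not Movable Type's own code), here is a small Python reimplementation of the spec format described above: a parser for the spec, and an allowlist sanitizer built on it that drops unlisted tags and attributes, honours the trailing / and * forms, and closes any tag the input left open. The sanitizer is a simplified stand-in for the real one and, like the spec format itself, checks attribute names only, not their values.

```python
import html
from html.parser import HTMLParser

def parse_spec(spec):
    """Parse "a href,b,br/,* style" into (attrs_by_tag, self_closing_tags, global_attrs)."""
    allowed, self_closing, global_attrs = {}, set(), set()
    for parts in filter(None, map(str.split, spec.lower().split(","))):
        tag, attrs = parts[0], set(parts[1:])   # "a href" -> tag "a", attrs {"href"}
        if tag == "*":                          # "* style": attribute permitted on any listed tag
            global_attrs |= attrs
        else:
            if tag.endswith("/"):               # "br/": tag takes no closing tag
                tag = tag[:-1]
                self_closing.add(tag)
            allowed.setdefault(tag, set()).update(attrs)
    return allowed, self_closing, global_attrs

class _Sanitizer(HTMLParser):  # allowlist filter: unlisted tags/attributes dropped, text escaped
    def __init__(self, spec):
        super().__init__()
        self.allowed, self.self_closing, self.global_attrs = parse_spec(spec)
        self.out, self.open_tags = [], []
    def handle_starttag(self, tag, attrs):
        if tag not in self.allowed:
            return                              # tag removed, its text content is kept
        ok = self.allowed[tag] | self.global_attrs
        # Only attribute *names* are checked, which is all the spec format expresses.
        kept = "".join(f' {k}="{html.escape(v or "")}"' for k, v in attrs if k in ok)
        if tag in self.self_closing:
            self.out.append(f"<{tag}{kept} />")
        else:
            self.out.append(f"<{tag}{kept}>")
            self.open_tags.append(tag)
    def handle_endtag(self, tag):
        if tag not in self.open_tags:
            return                              # stray closing tag is dropped
        while (t := self.open_tags.pop()) != tag:
            self.out.append(f"</{t}>")          # close anything still open inside it
        self.out.append(f"</{tag}>")
    def handle_data(self, data):
        self.out.append(html.escape(data, quote=False))

def sanitize(markup, spec):
    s = _Sanitizer(spec)
    s.feed(markup)
    s.close()
    while s.open_tags:                          # tag-closing feature: close what the comment left open
        s.out.append(f"</{s.open_tags.pop()}>")
    return "".join(s.out)
```

The parser lowercases tag and attribute names, so a spec of "a href,b" and input using uppercase tags behave the same way.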