Just edit the wiki. Found it in https://www.w3schools.com/html/html_formatting.asp

Have fun!

If you are interested in taking things further, I do recommend mdn as an excellent learning recourse. As a professional web developer I use it almost every day—be it as a reference or when I need to learn something new.

As a starting point I recommend the article about HTML basics.

Note that on this forum, not all html works, only some formatting tags (such as <p>, <big>, <strong>, etc) work, and as far as I know attributes only work for providing the href in links and images:

• <a href="http://online-go.com/">link</a> becomes link.

Most regrettably, it’s not possible to add css to anything on the forum…

That’s definitely deliberate - allowing too much leads to security risks, because you can make things that look very convincingly like forum controls, but actually are not. Plus, sandboxing advanced formatting li e that to just the post can be tricky, and result in someone actually taking over the legitimate forum buttons.

Taking over the forum buttons will be difficult, though, you need more than just formatting to do that. MediaWiki allows styling of html objects, and does not have security problems.

I guess the limitations of Discourse are also for general stylistic reasons. Avoiding arbitrary fonts, colors, images that break out of the bounds of a single post, etc., were probably deliberate design considerations in order to keep the appearance of posts a bit more uniform and consistent with the format and expectations of a forum. However, for April Fools’ Day, I was tempted to request on meta.discourse.org for adding support for the <blink> tag.

@ginger2008, the formatting on this forum only supports a very limited subset of HTML, and most things can and should be most easily accomplished using Discourse’s specific dialect of Markdown.

Here is a thread that goes into using these forums in much more detail:

Not including colors

Specifically, it would be if you broke out of the sandbox and were able to influence the css of the rest of the page. By “take over” the other controls, I basically mean hiding them and showing your own instead. There’s ways to lock it down, but there are so many ways around a lot of protections that opening the floodgates is risky business. (Infosec is a large part of my job, and web app security ends up tying into that from time to time.)

I might be wrong but I think there have been described—at least in theory—XSS attacks which only injects CSS and not JavaScript. It requires some social hacking but you basically have to fool the user into doing what you’d otherwise have scripted.

Some sanitizer libraries allow you to specify a whitelist of allowed rules in the style attribute. I can see it can be useful for example to specify the color and the background-color of a <mark> element.

haha thanks lol