Currently, Sanitizer.php bans the use of an <a> tag, even though it's possible to mostly replicate the effect of an <a> tag using internal or external link markup (e.g., "[[foo]]" or "[http://example.com foo]"). However, wikimarkup does not allow for certain attributes to be passed to the rendered <a> tag, for example title="" and target="".
Obviously a whitelist/blacklist would be needed to allow or disallow certain attributes from being used, however I believe some of this sanitation is already built in to MediaWiki or could easily be as necessary. Allowing the <a> tag has a number of benefits and it's the usual practice to allow the HTML equivalents of markup that's allowed in wikitext.
Version: unspecified
Severity: minor