I think we should allow setting [[ https://developer.mozilla.org/en-US/docs/Web/HTML/Global_attributes/hidden | hidden attribute ]] on elements from wiki code. It is a stable part of HTML5 spec that shouldn’t have any security holes as it’s just applying display: none; styling from a browser. Given that we are not disallowing people from writing style="display:none;", it doesn’t make sense to disallow writing, essentially, a shorter form of this.
My use case (and how I found it):
https://ru.wikipedia.org/?diff=100071354&oldid=99010410
Relevant code:
https://phabricator.wikimedia.org/source/mediawiki/browse/master/includes/parser/Sanitizer.php$1760