On 30/12/12 08:23, Alex Brollo wrote:
I'd like to use html comment into raw wiki text,
to use them as effective,
server-unexpensive "data containers" that could be read and parsed by a js
script in view mode. But I see that html comment, written into raw wiki
text, are stripped away by parsing routines. I can access to raw code of
current page in view mode by js with a index.php or an api.php call, and I
do, but this is much more server-expensive IMHO.
Is there any sound reason to strip html comments away? If there is no sound
reason, could such a stripping be avoided?
They're stripped by the preprocessor because otherwise, all the parser
functions break.
In pre-save-transform mode, there is no choice but to preserve
comments, so the parser functions do actually break. But that's less
visible than what would happen if you omitted comment stripping in
HTML mode.
It would be easy enough to sanitize HTML comments so that they don't
cause XSS vulnerabilities, that's not the issue.
-- Tim Starling