On 30/12/12 08:23, Alex Brollo wrote:
I'd like to use html comment into raw wiki text, to use them as effective, server-unexpensive "data containers" that could be read and parsed by a js script in view mode. But I see that html comment, written into raw wiki text, are stripped away by parsing routines. I can access to raw code of current page in view mode by js with a index.php or an api.php call, and I do, but this is much more server-expensive IMHO.
Is there any sound reason to strip html comments away? If there is no sound reason, could such a stripping be avoided?
They're stripped by the preprocessor because otherwise, all the parser functions break.
In pre-save-transform mode, there is no choice but to preserve comments, so the parser functions do actually break. But that's less visible than what would happen if you omitted comment stripping in HTML mode.
It would be easy enough to sanitize HTML comments so that they don't cause XSS vulnerabilities, that's not the issue.
-- Tim Starling