On Sat, Dec 29, 2012 at 6:59 PM, Platonides <Platonides@gmail.com> wrote:
Is there any sound reason to strip HTML comments away? If there is no sound reason, could such a stripping be avoided?
Comments can sometimes be used to get XSS in unexpected ways (like conditional comments for IE). I think they're stripped because that was easier than writing a sanitizer for them, and they're pretty useless.
If all else fails, you can do the hacky thing of stuffing information into either a class attribute or title attribute of an element. (data even better, but I don't know if that's allowed in wikitext or not)
--bawolff
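
The trade-off described in the message above, as an added example that is not part of the original e-mail and is not MediaWiki's sanitizer code: an allowlist sanitizer receives a comment as one opaque string, so markup inside a conditional comment is never checked tag by tag, and dropping the comment is the simple safe choice. The allowlists, the function names and the sample input are assumptions made for illustration.

```python
from html import escape
from html.parser import HTMLParser

# Assumed allowlists for illustration; not MediaWiki's actual lists.
ALLOWED_TAGS = {"p", "b", "i", "span"}
ALLOWED_ATTRS = {"class", "title"}  # the fallback carriers suggested in the message


class CommentStrippingSanitizer(HTMLParser):
    """Rebuilds markup from allowlisted tags/attributes and drops every comment."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out = []
        self.dropped_comments = []

    def handle_starttag(self, tag, attrs):
        if tag not in ALLOWED_TAGS:
            return  # unknown tag is dropped; its text content is still escaped below
        kept = "".join(
            f' {name}="{escape(value or "", quote=True)}"'
            for name, value in attrs
            if name in ALLOWED_ATTRS
        )
        self.out.append(f"<{tag}{kept}>")

    def handle_endtag(self, tag):
        if tag in ALLOWED_TAGS:
            self.out.append(f"</{tag}>")

    def handle_data(self, data):
        self.out.append(escape(data, quote=False))

    def handle_comment(self, data):
        # The parser hands over the whole comment body as a single string.
        # Any tags inside it were never passed through handle_starttag, so the
        # tag allowlist cannot vouch for them: record the comment and emit nothing.
        self.dropped_comments.append(data)


def sanitize(markup):
    """Return (sanitized_markup, list_of_dropped_comment_bodies)."""
    parser = CommentStrippingSanitizer()
    parser.feed(markup)
    parser.close()
    return "".join(parser.out), parser.dropped_comments


# Constructed sample: metadata in class/title survives, the comment does not.
SAMPLE = ('<p class="note" title="meta:42" onclick="x()">Hi'
          '<!--[if IE]><script>/* constructed */</script><![endif]--> there</p>')

if __name__ == "__main__":
    print(sanitize(SAMPLE))
```
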