Forum List Message List New Topic
Snor
How do I remove all HTML comments?
April 18, 2012 12:43AM

Not sure if I am going crazy but I thought HTML Purifier used to remove all comments from the HTML by default?

Now it is not doing anyway, and I want to remove them.. all of them. There doesn't seem to be a setting to remove comments, and it doesn't happen by default.. so is this even possible??

(Basically some IE conditional comments are getting copied into a wysiwyg area from Word, and they're not getting removed...)

Reply Quote
Ambush Commander
Re: How do I remove all HTML comments?
April 18, 2012 12:54AM

Still does http://htmlpurifier.org/demo.php?filter%5BAutoFormat.AutoParagraph%5D=0&filter%5BAutoFormat.DisplayLinkURI%5D=0&filter%5BAutoFormat.Linkify%5D=0&filter%5BAutoFormat.RemoveEmpty%5D=0&filter%5BAutoFormat.RemoveSpansWithoutAttributes%5D=0&filter%5BNull_CSS.AllowedProperties%5D=1&filter%5BCore.CollectErrors%5D=0&filter%5BNull_HTML.Allowed%5D=1&filter%5BNull_HTML.Doctype%5D=1&filter%5BHTML.SafeObject%5D=0&filter%5BHTML.TidyLevel%5D=medium&filter%5BURI.DisableExternalResources%5D=0&filter%5BNull_URI.Munge%5D=1&html=%3C%21--+test+--%3E&submit=Submit

Did you change environments?

Reply Quote
Snor
Re: How do I remove all HTML comments?
April 18, 2012 10:21AM

Thanks for the quick reply - after your assurances I looked for other causes and it seems to be caused by the fact that I had "HTML.Trusted" applied on this website in particular. I don't usually use this but it was actually required at some point and I don't quite remember why... haha :) Maybe there are some comments that need leaving in somewhere, but I see HTML Purifier has the option to do that now anyway - awesome! Will look into that further to see why it was set to Trusted, but I have another question or two now due to this :)

First, what does HTML.Trusted *actually* do - this doesn't seem to be documented properly, like the specifics of it.

Is it possible to have HTML.Trusted set while still removing comments? It seems like this directive does things that can't be override any other way - although maybe I would be better off building all the specific rules I need individually instead of using Trusted?

Thanks for the awesome software anyway, been using it for quite a while now for all sorts of stuff!

Reply Quote
Ambush Commander
Re: How do I remove all HTML comments?
April 18, 2012 05:17PM

It is unspecified, and the point is that you REALLY REALLY should trust your users if you turn it on. It turns on as much as possible, and that amount is monotonically increasing with new versions of HTML Purifier.

Reply Quote
AvenidaGez
Re: How do I remove all HTML comments?
March 13, 2013 11:32PM

How do I let user write PHP HTML JAVASCRIPT code in comments? not functional code, just samples of code.

Reply Quote
Ambush Commander
Re: How do I remove all HTML comments?
March 14, 2013 12:08AM

The usual convention is to use PRE tags plus CDATA.

HTML Purifier, Standards-Compliant HTML Filtering

Reply Quote
Newer Topic Older Topic
Author:
Your Email:

Subject:

HTML input is enabled. Make sure you escape all HTML and angled brackets with < and >.

Auto-paragraphing is enabled. Double newlines will be converted to paragraphs; for single newlines, use the pre tag.

Allowed tags: a, abbr, acronym, b, blockquote, caption, cite, code, dd, del, dfn, div, dl, dt, em, i, ins, kbd, li, ol, p, pre, s, strike, strong, sub, sup, table, tbody, td, tfoot, th, thead, tr, tt, u, ul, var.

For inputting literal code such as HTML and PHP for display, use CDATA tags to auto-escape your angled brackets, and pre to preserve newlines: 

<pre><![CDATA[
Place code here
]]></pre>

Power users, you can hide this notice with: 

.htmlpurifier-help {display:none;}

Message: