ASP.NET: Is there a way to serve static html files without programming comments? -
i'm serving static html, , want them sent client without <!-- comment -->
comments, can compromise security.
is there way this?
something similar razor's @* comment *@
html...
you write comments in between razor's comment tags instead of html comment tags. won't visible on front-end.
besides this, printing put in html file text (server-side scripts razor , php excluded). there no way take comments out of static html unless minify them on server through tool. since state static html pages, i'm guessing aren't using tools @ all?
you use tools http://www.willpeavy.com/minifier/ , example.
the security risks of leaving comments in shouldn't bad. shouldn't putting valuable information in html comments in first place. nowadays used showing element starts and/or ends when other programmers take over.
your javascript visible on website well. let's work ajax calls , database. create more risk html comments. obviously, have make sure don't share important information cause security issues in client-side comments.
if automated system serving html , can remove comments before giving out, use function this:
you use html agility pack .net library. here article explains how use on so: how use html agility pack
this c# code remove comments:
htmldocument doc = new htmldocument(); doc.load("yourfile.htm"); // comment nodes using xpath foreach (htmlnode comment in doc.documentnode.selectnodes("//comment()")) { comment.parentnode.removechild(comment); } doc.save(console.out); // displays doc w/o comments on console
source: removing html comments (you can find lots more options here)
it'll simple matter of triggering such function before saving html static file, or editing existing file filter out comments.
Comments
Post a Comment