ASP.NET: Is there a way to serve static html files without programming comments? -


i'm serving static html, , want them sent client without <!-- comment --> comments, can compromise security.

is there way this?

something similar razor's @* comment *@ html...

you write comments in between razor's comment tags instead of html comment tags. won't visible on front-end.

besides this, printing put in html file text (server-side scripts razor , php excluded). there no way take comments out of static html unless minify them on server through tool. since state static html pages, i'm guessing aren't using tools @ all?

you use tools http://www.willpeavy.com/minifier/ , example.

the security risks of leaving comments in shouldn't bad. shouldn't putting valuable information in html comments in first place. nowadays used showing element starts and/or ends when other programmers take over.

your javascript visible on website well. let's work ajax calls , database. create more risk html comments. obviously, have make sure don't share important information cause security issues in client-side comments.

if automated system serving html , can remove comments before giving out, use function this:

you use html agility pack .net library. here article explains how use on so: how use html agility pack

this c# code remove comments:

htmldocument doc = new htmldocument(); doc.load("yourfile.htm");  // comment nodes using xpath foreach (htmlnode comment in doc.documentnode.selectnodes("//comment()")) {     comment.parentnode.removechild(comment); } doc.save(console.out); // displays doc w/o comments on console 

source: removing html comments (you can find lots more options here)

it'll simple matter of triggering such function before saving html static file, or editing existing file filter out comments.


Comments

Popular posts from this blog

java - Jasper subreport showing only one entry from the JSON data source when embedded in the Title band -

serialization - Convert Any type in scala to Array[Byte] and back -

SonarQube Plugin for Jenkins does not find SonarQube Scanner executable -