frank - 2011-11-12 10:14:44
I use InputFilter to protect me from code injection in html output. So, am I being naive in considering comment tags as harmless?
Anyway, I have specific comment tags like <!--StartFragment--> that structure my html, so I want to keep them. Is there a way to tell InputFilter to do so? Right now I have to replace them before applying InputFilter which seems to purge all HTML comments under any configuration.
