tags:

views:

123

answers:

4
+3  Q: 

Showing HTML comment strings (<!-- -->) in HTML files

Hello all.

I'm building a source code search engine, and I'm returning the results on a HTML page (aspx to be exact, but the view logic is in HTML).

When someone searches a string, I also return the whole line of code where this string can be found in a file. However, some lines of code come from HTML/aspx files and these lines contain HTML specific comments ().

When I try to print this line on the HTML page, it interprets it as a comment and does not show it on the screen....how should I go about solving this so that it actually shows up?

Any help would be welcomed. Thanks.

+6  A: 

As with any other HTML — covert special characters to entities. In particular < to &lt;

David Dorward  2010-04-16 09:31:58
+3  A: 

Escape the characters < and > to &lt; and &gt;

see also: http://en.wikipedia.org/wiki/List_of_XML_and_HTML_character_entity_references

Jasper  2010-04-16 09:33:32
+2  A: 

Any time you output text into an HTML page, you must HTML-encode it. If you don't then not only will comments (and other markup-like strings) disappear, but you'll also have great big cross-site-scripting security holes, as potentially untrusted parties will be able to insert <script> into your security context.

(aspx to be exact

In .NET the HTML-encoding method is called, naturally enough, HTMLEncode. You might also use a web control that HTML-encodes automatically for you, for example a Literal with literalmode encode.

but the view logic is in HTML)

Not sure what you mean by that but if you're using innerHTML to set content from script, you'll need to write your own HTML-encoder, as there isn't one built in to JS:

// HTML-encode a string for use in text content or an attribute value delimited by
// double-quotes
//
function HTMLEncode(s) {
    return s.replace(/&/g, '&amp;').replace(/</g, '&lt;').replace(/"/g, '&quot;');
}

or, potentially better, use DOM methods and properties to set dynamic content rather than messing with HTML strings. (For setting text content, use element.textContent=, falling back to element.innerText for IE which doesn't support it.)

bobince  2010-04-16 09:35:01
Thanks, great answer. I only need to use HttpUtility.HTMLEnconde for now. I'm not doing any computation on the client side, all is done on the server. So for now, I'm not going to use any javascript methods.
Andrei  2010-04-16 09:47:48
A: 

You can use XML CDATA for this:

<![CDATA[ 
  some text with <!-- comments -->
]]>;
Андрей Костенко  2010-04-16 09:45:34
In theory you could, but no browser supports it in text/html mode.
David Dorward  2010-04-16 09:46:55
Also it's not secure for the general case even in `application/xhtml+xml` mode, since the text might include the `]]>` sequence.
bobince  2010-04-16 10:50:50

related questions

Autosizing Textarea
Regular expression for parsing links from a webpage?
What are good tools for creating compiled HTML help files (.chm)?
Looking for WYSIWYG HTML editor
Any reason not to start using the HTML 5 doctype?
HTML comments break down
HTML Comments Markup
Setting a div's height in HTML with CSS
Wrapping lists into columns
Is a "Confirm Email" input good practice when user changes email address?
<XMP> Tag
HTML version choice
Options for HTML scraping?
How do you disable browser Autocomplete on web form field / input tag?
How do I make a checkbox toggle from clicking on the text label as well?
Html CSS Editor
Wordpress theme development offline tools
How do I give my web sites an icon for iPhone?
In HTML, how to word-break on a dash?
Detecting font in JavaScript
How do you test layout design across multiple browsers/OSs?
How do I print an HTML document from a web service?
Multiple submit buttons on a HTML form
How can I determine a web user's time zone?
Why doesn't the percentage width child in absolutely positioned parent work in IE7?