HTML comments and CDN

The functionality of HTML comments is self-explanatory: Comments should carry <!– comments  –>,i.e. contents that should be hidden from visitors (though this contents should of course not contain any type of sensitive information since it can be accessed very easily by looking at the source code) OR contents you’d like to hide temporarily. The latter, however, already defies the main purpose of HTML comments.

HTML comments however could also be used to trigger certain behaviour in Javascript. For example, by sending a request to another script using Ajax and hiding certain triggers in HTML comments. Your script might require the following:

• Response consists of HTML code with varying contents, depending on the parameters sent to the script
• Processing of the response not only includes displaying the contents that was returned by the script but maybe also more, depending on what was sent back (but you might not know what exactly will be returned if it’s dynamic contents)

One easy fix to deal with this requirement can be the usage of comments, for example by including <!– FAILED –> or <!– SUCCESS –> in the response. The script can then check whether FAILED or SUCCESS exists in the code and process differently based on the outcome. Very simple and effective and more or less foool-proof. Or so you might think, until you move your website to a CDN, such as CloudFlare: Some CDN will “optimize” your code to reduce unnecessary page load. This can (and in the case of CloudFlare for example definitely does) include the removal of ALL HTML comments in your code: And so, your script could stop working all of a sudden since process-deciding parameters have disappeared.

Lesson learnt: Use HTML comments for comments only – because they can disappear. Instead, use other techniques such as <div style=”display: none;”>FAILED</div> to “hide” system-relevant data.

Post a Comment

You must be logged in to post a comment.