2

I use github, github-pages, kramdown and jekyll to publish my static sites.

I need to embed html comments that are visible when viewing the source of a page. The reason for this that I want to be able to visually use comments to differentiate between the different parts of raw source html markup. This is doable by using regular html syntax:

<!-- here's my comment -->

The problem I've encountered is that while I serve my jekyll site locally I do see comments in the page source, but once pushed to my github repository the comment isn't visible anymore. However it's still visible in my repo when viewing the raw markdown source file.

The behavior I expect would be seeing my comment in the page source code like I do locally. I've tried kramdown comment syntax:

{::comment}
 here's my comment
{:/comment}

This works but this way I don't see it in the page source at all. Another solution I've tried is the workaround described in this response. It works but it produces an actual html tag and therefore any clear separation between the comment and the other html tags is lost.

The bottom-line is that I want to see the comment when viewing my page source even after pushing my files to my repository.

Is there something I'm missing here or isn't it possible to keep html comments intact while used in conjunction with github-pages?

EDIT: Turns out it was not a markup or Github problem after all. I use a CDN service, this minified the HTML and stripped away HTML comments.

  • If you just add `` in a .yml file it will be available in the source of the html page. – marcanuy Mar 08 '17 at 13:20
  • Markdown files rendered on the GitHub site will have raw HTML stripped out as a security measure. You would essentially need to request that GitHub disable their security, which it not going to happen. – Waylan Mar 08 '17 at 16:54
  • Do you have a repository url ? – David Jacquel Mar 09 '17 at 16:35
  • @Waylan Do you happen to have link or something like that so I could read and learn more about this? My search engine skills seem to fail me at the moment. –  Mar 09 '17 at 23:28
  • @marcanuy I don't know. The files in question are aren't yaml files though. They are markdown files. –  Mar 09 '17 at 23:45
  • @kxx GitHub documents their Markdown support at [github/markup](https://github.com/github/markup#github-markup). StackOverflow documents their similar security measures under [What HTML tags are allowed on Stack Exchange sites?](https://meta.stackexchange.com/a/135909) and for a good explanation of the security concerns related to raw HTML in Markdown read [Markdown and XSS](https://michelf.ca/blog/2010/markdown-and-xss/). If you still question the need for such aggressive policies, then consider many of [these XSS examples](https://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet). – Waylan Mar 10 '17 at 02:10
  • @Waylan I thank you for the reading. I was not aware any security concerns related to Markdown. –  Mar 10 '17 at 12:33
  • @Waylan note: GH pages does not have XSS security features like e.g. comments on main site since users can already upload arbitrary JavaScript to it directly. The XSS security there is based only on subdomain separation (`username1.github.io` vs `username2.github.io`). – Ciro Santilli OurBigBook.com Jun 11 '17 at 11:54
  • Sorry. Somehow I missed that this was in reference to GitHub Pages. My comments were regarding the GitHub website itself. – Waylan Jun 11 '17 at 18:21

1 Answers1

1

Please check there is no "HTML Minification" running on GitHub which could be actually removing comments while serving for save bandwidth.

SACn
  • 1,862
  • 1
  • 14
  • 29
  • This actually led me on the right path. Turns out it _was not_ a markup or Github problem after all. I use a CDN service and this actually minified the HTML and stripped away HTML comments. It probably wouldn't have crossed my mind if you hadn't replied. –  Mar 12 '17 at 14:13