php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #76393 serving comments
Submitted: 2018-05-30 09:37 UTC Modified: 2018-05-30 09:53 UTC
From: andrew at grillet dot co dot uk Assigned:
Status: Not a bug Package: FPM related
PHP Version: 5.6.36 OS: OpenBSD
Private report: No CVE-ID: None
 [2018-05-30 09:37 UTC] andrew at grillet dot co dot uk
Description:
------------
I am using PHP with FPM on OpenBSD, but I do not think that is relevant.

The issue is that I have html comments in my HTML (duh!). They are comments, not  for end user consumption. They are served to the client. It is true that the browser will hide them from users, but, unless debugging, I would prefer the user can't see the comments by enabling debugging in the browser. 

I would like to have a php.ini setting, or possibly php_fpm setting, that strips html comments while serving. 

I agree that the server could/should do this, but I also use Apache on Ubuntu, and have colleagues using nginx on Macs, and the situation is the same. All use php, so it seems to me that php is where to fix this issue. 

Test script:
---------------
index.html
-----%<-------------------
<html>
<head>
</head>
<body>
<?php
print("See this, Jimmy!<br>
(C)  1987, British Rail and others<br>");
?>
<!--
This is a comment, not for end-user consumption. I want this stripped while serving unless debugging.
-->
</body>
</html>
-----%<-------------------


Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2018-05-30 09:40 UTC] spam2 at rhsoft dot net
PHP has no business here at all - PHP cares only about stuff between <?php ?> or <?=?> and anything else is a plain passthru

if you want to solve that don't mix HTML and code or use ob_start() combined with ob_get_clean(), strip comments with php userland code and echo the filtered output to the client

this is not the job of the scripting language itself and never will be
 [2018-05-30 09:52 UTC] requinix@php.net
-Status: Open +Status: Wont fix -Type: Bug +Type: Feature/Change Request -Package: FPM related +Package: Scripting Engine problem
 [2018-05-30 09:52 UTC] danack@php.net
-Status: Wont fix +Status: Not a bug -Type: Feature/Change Request +Type: Bug -Package: Scripting Engine problem +Package: FPM related
 [2018-05-30 09:52 UTC] requinix@php.net
This is a job for a templating library or an output buffering extension, not the core language itself.

You can always use PHP comments.
<?php /* This is a comment, not for end-user consumption. I want this stripped while serving unless debugging. */ ?>
 [2018-05-30 09:52 UTC] danack@php.net
This sounds like a job for a function:

```
function c($string) 
{
   if (defined('DEBUG_ENABLED') && DEBUG_ENABLED) {
	   echo $string;
   }
}


<?php
c('This is a comment, not for end-user consumption. I want this stripped while serving unless debugging.');
?>
```
 [2018-05-30 09:53 UTC] requinix@php.net
I... I think we did that at the exact same second.
 
PHP Copyright © 2001-2021 The PHP Group
All rights reserved.
Last updated: Mon Dec 06 21:03:34 2021 UTC