Why is it a problem?
Using regular HTML comments (text between <!-- and -->) in templates causes the Django template engine to render these comments in the HTML page that is produced. These comments are usually intended for developers, and can thus expose certain aspects of the web server. Such a comment can, for example, look like:
<!-- exclude dashboard for
-not authenticated users
-users with not enough privilege
-->
What can be done to resolve the problem?
The Django template engine has its own comment syntax. One can write a single-line comment between {# and #}, for example:
{# your comment here #}
or one can make use of the {% comment %}…{% endcomment %} template tags [Django-doc] to write comments that span over multiple lines, for example:
{% comment %}
your
multiline
comment
here
{% endcomment %}
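
To audit existing templates for this, the following standard-library Python script (an added example, not part of the original page) lists the HTML comments that would reach the client and rewrites them as template comments. The function names and the sample template are constructed for illustration, and the regex scan is an assumption-based approximation that does not use Django's own lexer.

```python
import re

# Comments the Django template engine drops at render time.
# {# ... #} is single-line only; {% comment %} blocks may span lines.
DJANGO_COMMENT = re.compile(
    r"\{%\s*comment\b.*?%\}.*?\{%\s*endcomment\s*%\}|\{#[^\n]*?#\}", re.S)
# HTML comments: plain text to the engine, so they reach the client.
HTML_COMMENT = re.compile(r"<!--(.*?)-->", re.S)


def _visible(source):
    """Blank out Django comments, keeping length and newlines so offsets match."""
    return DJANGO_COMMENT.sub(
        lambda m: re.sub(r"[^\n]", " ", m.group(0)), source)


def find_html_comments(source):
    """Return (line_number, text) for each HTML comment that would be rendered."""
    return [(source.count("\n", 0, m.start()) + 1, source[m.start():m.end()])
            for m in HTML_COMMENT.finditer(_visible(source))]


def to_template_comments(source):
    """Rewrite rendered HTML comments as Django template comments."""
    out, pos = [], 0
    for m in HTML_COMMENT.finditer(_visible(source)):
        body = source[m.start(1):m.end(1)]
        if "\n" in body or "#}" in body:  # {# #} cannot hold these
            new = "{% comment %}" + body + "{% endcomment %}"
        else:
            new = "{#" + body + "#}"
        out += [source[pos:m.start()], new]
        pos = m.end()
    return "".join(out) + source[pos:]


# Constructed sample template (not from the original page).
SAMPLE = """<h1>Dashboard</h1>
<!-- exclude dashboard for
 -not authenticated users
 -users with not enough privilege
-->
{# <!-- already hidden --> #}
{% comment %}
<!-- also hidden -->
{% endcomment %}
<p>Hi</p> <!-- TODO: remove debug view -->
"""
```

HTML comments that already sit inside {# #} or {% comment %} are skipped, because the engine never renders them.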