Why is it a problem?
The Django template engine does not treat HTML comments (text between `<!--` and `-->`) specially: it renders them as-is, so they end up in the HTML page that is served to the browser. Such comments are usually written for developers and therefore tend to describe internal details of the application (access rules, TODOs, disabled features, paths to other views), which any visitor can read by viewing the page source. Template tags and variables inside an HTML comment are still evaluated as well, so `<!-- {{ request.user.email }} -->` leaks the value just as if the comment markers were not there. Such a comment can for example look like:

```django
<!-- exclude dashboard for
-not authenticated users
-users with not enough privilege
-->
```
What can be done to resolve the problem?
The Django template engine has its own comment syntax, and comments written that way are stripped when the template is rendered, so they never reach the client. A single-line comment is written between `{#` and `#}`, for example:

```django
{# your comment here #}
```

This form cannot span multiple lines. For longer comments use the `{% comment %}…{% endcomment %}` template tags [Django-doc]; everything between them is ignored, including any template tags or variables, which also makes it the safe way to comment out a block of template code:

```django
{% comment %}
your
multiline
comment
here
{% endcomment %}
```
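The check a practitioner would want is a lint that finds HTML comments in template source before they ship, flagging those that also contain template syntax (the ones that leak rendered values), and a mechanical rewrite into Django's own comment syntax. The following is an added example, not code from Django or from the original page; `find_html_comments`, `convert_to_template_comments` and the `Finding` class are hypothetical helper names, and the template text is constructed for the demonstration:

```python
from __future__ import annotations

import re
from dataclasses import dataclass

# Django passes HTML comments through unchanged, so a plain regex over the
# template source is enough to find what will reach the browser.
HTML_COMMENT = re.compile(r"<!--(.*?)-->", re.DOTALL)
# Anything with {{ or {% inside the comment is still evaluated by Django.
TEMPLATE_SYNTAX = re.compile(r"\{\{|\{%")

# Constructed sample template (hypothetical view names and permissions).
SAMPLE_TEMPLATE = """\
{% extends "base.html" %}
{% block content %}
<!-- exclude dashboard for
-not authenticated users
-users with not enough privilege
-->
{% if user.is_authenticated and perms.app.view_dashboard %}
<a href="{% url 'dashboard' %}">Dashboard</a>
{% endif %}
<!-- debug: {{ request.META.REMOTE_ADDR }} -->
{# this one is stripped by Django and never reaches the browser #}
{% endblock %}
"""


@dataclass
class Finding:
    line: int                   # 1-based line on which the comment starts
    text: str                   # comment body with whitespace collapsed
    has_template_syntax: bool   # True if {{ }} or {% %} appears in the body


def find_html_comments(source: str) -> list[Finding]:
    """Return every HTML comment in a template, with its starting line."""
    findings = []
    for m in HTML_COMMENT.finditer(source):
        body = m.group(1)
        line = source.count("\n", 0, m.start()) + 1
        findings.append(Finding(
            line=line,
            text=" ".join(body.split()),
            has_template_syntax=bool(TEMPLATE_SYNTAX.search(body)),
        ))
    return findings


def convert_to_template_comments(source: str) -> str:
    """Rewrite HTML comments into Django comments that are not rendered.

    Single-line bodies become {# ... #}; bodies that span lines, or that
    contain '#}', use the {% comment %} block, which has no such limit.
    """
    def repl(m: re.Match) -> str:
        body = m.group(1)
        if "\n" in body or "#}" in body:
            return "{% comment %}" + body + "{% endcomment %}"
        return "{#" + body + "#}"
    return HTML_COMMENT.sub(repl, source)


if __name__ == "__main__":
    for f in find_html_comments(SAMPLE_TEMPLATE):
        flag = " (contains template syntax, value would be rendered)" if f.has_template_syntax else ""
        print(f"line {f.line}: HTML comment sent to client{flag}: {f.text!r}")
    print(convert_to_template_comments(SAMPLE_TEMPLATE))
```

Running the script reports the two HTML comments (lines 3 and 10 of the sample, the second flagged because its `{{ ... }}` would be evaluated) and prints the template with both turned into Django comments, while the existing `{# ... #}` comment is left untouched because it was already safe.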