Escaping HTML is fine – it will remove <'s and >'s etc.
I've run into a problem where I am outputting a filename inside a comment tag, e.g. <!-- ${filename} -->
Of course things can be bad if you don't escape, so it becomes: <!-- <c:out value='${filename}'/> -->
The problem is that if the file has '--' in the name, all the HTML gets screwed, since you're not allowed to have <!-- -- -->.
The standard HTML escape doesn't escape these dashes, and I was wondering if anyone is familiar with a simple / standard way to escape them.
Definition of a HTML comment:
Of course the parsing of a comment is up to the browser.
Nothing strikes me as an obvious solution here, so I’d suggest you str_replace those double dashes out.
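
One way to do the replacement suggested above, in Java because the question uses JSTL. This is an added example, not code from either poster; the class name CommentEscaper, the method escapeForComment and the sample filenames are hypothetical.

```java
/** Added example: makes untrusted text safe to print between <!-- and -->. */
public final class CommentEscaper {
    private CommentEscaper() {}

    /**
     * Escapes &, < and >, then writes every second hyphen of a run (and a
     * trailing hyphen) as &#45; so the result never contains "--".
     * Character references are not decoded inside comments, so the text
     * shows up as written in "view source"; that is fine for a debug note.
     */
    public static String escapeForComment(String s) {
        StringBuilder out = new StringBuilder(s.length() + 16);
        boolean prevHyphen = false; // was the last emitted char a literal '-'?
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            boolean literalHyphen = false;
            switch (c) {
                case '&': out.append("&amp;"); break;
                case '<': out.append("&lt;"); break;
                case '>': out.append("&gt;"); break;
                case '-':
                    if (prevHyphen || i == s.length() - 1) {
                        out.append("&#45;");
                    } else {
                        out.append('-');
                        literalHyphen = true;
                    }
                    break;
                default: out.append(c);
            }
            prevHyphen = literalHyphen;
        }
        return out.toString();
    }

    public static void main(String[] args) {
        // Constructed sample filenames, not taken from the page.
        String[] names = {"report--final.txt", "a---b-->.log", "x<!--y", "draft-"};
        for (String name : names) {
            String safe = escapeForComment(name);
            if (safe.contains("--") || safe.contains("<") || safe.contains(">")) {
                throw new AssertionError("unsafe output: " + safe);
            }
            System.out.println("<!-- " + safe + " -->");
        }
    }
}
```

Because the trailing hyphen is also encoded, the output stays valid whether or not the template leaves a space before the closing -->.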