Inline HTML comments in markdown are visible on rendered page

support
1

Using Hugo 0.93 with [markup.goldmark.renderer] and unsafe = true

When building markdown files, Hugo recognizes comments on their own line and does not render them to the site on build

Hello, how are you?
<!-- i don't really know -->
Ok fair enough

However, when I use HTML comments inline (below), it renders to the page but with one dash removed and prints the HTML entity

Hello, how are you? <!-- i don't' really know --> Ok fair enough

&lt;!&ndash; I don't really know &ndash;&gt;

Questions:

  1. I’m fairly confident this has not always been the case, but not sure at which point the change occurred, whether it be a version of Hugo or the Markup renderer.
  2. Is there something I’m missing or overlooking?

Any feedback would be appreciated. Thank you.

1 Like
2

Not a solution, just some notes on the way there.

  • This started with v0.93.3, where we bumped the Goldmark version from 1.4.7 to 1.4.8
  • The behavior does not follow the CommonMark spec (try it)

I’ve got the ball…

https://github.com/yuin/goldmark/issues/285

https://github.com/gohugoio/hugo/issues/9650

https://github.com/gohugoio/hugo/pull/9651

4 Likes
3

Fantastic, thanks for quick reply and moving this to an issue. Keep up the great work!

2 Likes
4

Thanks for that headsup!

I just ran rg -thtml '\&lt;\!-- ' in my public/ directory locally and I am safe1.

1 I found 2 matches but both were for intentionally exported HTML comments like this. That just confirmed that the regex works :slight_smile:

1 Like