People post a good bit of HTML in the comments of articles on this site. They are trying to demonstrate something, ask for troubleshooting help, show alternate techniques, etc. This is excellent. I want to encourage this as much as possible. Unfortunately, people are often confused about how to do it correctly and get frustrated when it comes out wrong.
I have to post instructions in the comment area to teach people the best way for this site:
- You can use basic HTML
- When posting code, please turn all < characters into &lt;
- If the code is multi-line, use <pre><code></code></pre>
Ideally I'd like to get rid of all of those instructions completely, and have everything "just work". Here are two changes that would get pretty close to ideal for comments on this site:
1. Any HTML that isn't one of the "allowed tags" gets escaped.
WordPress has this default set of allowed tags:
<a href="" title="">
<abbr title="">
<acronym title="">
<b>
<blockquote cite="">
<cite>
<code>
<del datetime="">
<em>
<i>
<q cite="">
<strike>
<strong>
If someone uses these tags in a comment, they will apply to that text and render appropriately. If they use any other tag, it should escape, not be stripped or inappropriately render. So:
I'd also say that if it's a single line of code as in this example (does not contain line breaks) it should wrap the newly escaped code in <code></code> tags.
Also, if the code is already escaped like &lt;span&gt; then leave it alone.
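The escaping rule and the already-escaped case described above, as an added JavaScript example (not code from this site or from WordPress). The function names, the strict quoted-attribute tag shape, and the restriction of `href`/`cite` values to http(s) URLs are assumptions made here; the `<code>` wrapping of single-line snippets is not covered.

```javascript
// Added example; names are illustrative. Allowlist = the WordPress defaults listed above.
const ALLOWED = new Map([
  ["a", ["href", "title"]], ["abbr", ["title"]], ["acronym", ["title"]],
  ["b", []], ["blockquote", ["cite"]], ["cite", []], ["code", []],
  ["del", ["datetime"]], ["em", []], ["i", []], ["q", ["cite"]],
  ["strike", []], ["strong", []],
]);
const URL_ATTRS = ["href", "cite"]; // assumption: URL attributes limited to http(s)

// Strict tag shape: name plus zero or more name="value" pairs. Anything looser
// (unquoted attributes, self-closing slash) never matches and is escaped as text.
const TAG = /<(\/?)([a-zA-Z][a-zA-Z0-9]*)((?:\s+[a-zA-Z-]+="[^"<>]*")*)\s*>/g;
const ATTR = /([a-zA-Z-]+)="([^"<>]*)"/g;

// Escape &, < and >, leaving existing entities such as &lt; untouched.
function escapeText(s) {
  return s
    .replace(/&(?!(?:[a-zA-Z][a-zA-Z0-9]*|#\d+|#x[0-9a-fA-F]+);)/g, "&amp;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;");
}

// A tag is kept only if its name and every attribute are on the allowlist.
function isAllowedTag(closing, name, attrText) {
  const allowedAttrs = ALLOWED.get(name.toLowerCase());
  if (!allowedAttrs) return false;
  if (closing) return attrText === "";
  for (const [, rawAttr, value] of attrText.matchAll(ATTR)) {
    const attr = rawAttr.toLowerCase();
    if (!allowedAttrs.includes(attr)) return false;
    if (URL_ATTRS.includes(attr) && !/^https?:\/\//i.test(value)) return false;
  }
  return true;
}

// Keep allowed tags verbatim; escape every other tag and all text in between.
function filterComment(comment) {
  let out = "";
  let last = 0;
  for (const m of comment.matchAll(TAG)) {
    out += escapeText(comment.slice(last, m.index));
    out += isAllowedTag(m[1] === "/", m[2], m[3]) ? m[0] : escapeText(m[0]);
    last = m.index + m[0].length;
  }
  return out + escapeText(comment.slice(last));
}
```

Checking attributes as well as tag names matters here: an allowed tag carrying an attribute outside its list (an event handler on `<a>`, for instance) is escaped rather than rendered.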