Details
Alert ID 100011
Alert Type Script Passive
Status alpha
Risk Informational
CWE 615
WASC 13
Technologies Targeted All
Tags CWE-615
More Info Scan Rule Help

Summary

While adding general comments is very useful, some programmers tend to leave important data, such as: filenames related to the web application, old links or links which were not meant to be browsed by users, old code fragments, etc.

Solution

Remove comments which have sensitive information about the design/implementation of the application. Some of the comments may be exposed to the user and affect the security posture of the application.

Other Info

References

Code

passive/Find HTML Comments.js