Prevent modules from Adding '' to source code

By Adolph on 13 Oct 2009 at 10:20 UTC

when I enable some modules like admin_menu or lightbox, drupal adds the following line in my source code:

<!--//--><![CDATA[//><!--
jQuery.extend(Drupal.settings, { "basePath": "/drupal614/", "lightbox2": ...
//--><!]]>

1-what is this used for?
2-how can I Prevent modules from Adding it to my source code?
thanks..

Comments

It's not something you should

almond81 commented 13 October 2009 at 13:44

It's not something you should remove from your source code. It's to allow smooth running and help validate to strict XML.

Below is a snippet from the w3schools website

CDATA - (Unparsed) Character Data

The term CDATA is used about text data that should not be parsed by the XML parser.

Characters like "<" and "&" are illegal in XML elements.

"<" will generate an error because the parser interprets it as the start of a new element.

"&" will generate an error because the parser interprets it as the start of an character entity.

Some text, like JavaScript code, contains a lot of "<" or "&" characters. To avoid errors script code can be defined as CDATA.

Everything inside a CDATA section is ignored by the parser.

A CDATA section starts with "":

for security reasons I want

Adolph commented 15 October 2009 at 06:05

thanks,
but for security reasons I don't want anyone to know I'm using drupal, but "jQuery.extend(Drupal.settings" string in CDATA reveals that. what do u suggest? can I change that?

You can't. It's part of the

jaypan

Victoria, BC

commented 15 October 2009 at 13:15

You can't. It's part of the Drupal core.

If you keep your Drupal installation updated regularly, you won't have to worry about security anyways. That's one of the advantages of well used open-source applications - you have thousands of people testing it, and they are more likely to find security holes and patch them than when using something less used.

Contact me to contract me for D7 -> D10/11 migrations.

But I saw some sites like

Adolph commented 26 October 2009 at 07:05

But I saw some sites like spreadfirefox , snowboard-mag.com and research.yahoo.com use drupal and there isn't such thing in their source code.

no point.

dman commented 26 October 2009 at 08:33

Easy, your choice : stop using Lightbox of any javascript that uses the Drupal APIs.

There are a dozen other ways to detect if your site is using Drupal, and this signature is one of the most unreliable ones - no-one would look for it when doing exploits because you don't see it unless the site is also using certain Javascripts.
So you will not achieve anything by trying to hide like that. You don't want that code to show up, don't use the code. But it won't make any real difference.

The same question (and answer) is here [#478008]

_{.dan. is the New Zealand Drupal Developer working on Government Web Standards}

Prevent modules from Adding '<![CDATA[//>' to source code

Comments

It's not something you should

for security reasons I want

You can't. It's part of the

But I saw some sites like

no point.

New forum topics

News items

Our community

Documentation

Drupal code base

Governance of community