From 559306ee4f7e28da72b9eb00c1fe85c98c0cde3a Mon Sep 17 00:00:00 2001
From: Kevin Chung
Date: Sun, 19 Jul 2020 21:07:20 -0400
Subject: [PATCH] Allow comments in HTML (#1555)

* Re-allow HTML comments in sanitized HTML
---
 CTFd/utils/security/sanitize.py | 1 +
 1 file changed, 1 insertion(+)

diff --git a/CTFd/utils/security/sanitize.py b/CTFd/utils/security/sanitize.py
index 3098d24a..86aa9788 100644
--- a/CTFd/utils/security/sanitize.py
+++ b/CTFd/utils/security/sanitize.py
@@ -5,6 +5,7 @@ from lxml.html.clean import Cleaner # nosec B410
 from lxml.html.defs import safe_attrs # nosec B410
 
 cleaner = Cleaner(
+ comments=False,
 page_structure=False,
 embedded=False,
 frames=False,
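Review bot: The added `comments=False,` in the `Cleaner(...)` call lets HTML comments from the (presumably user-supplied) markup survive sanitization, and the hunk adds neither a test nor a note on why that is safe. Comment parsing is a classic place where a sanitizer and a browser disagree, so I would add a regression test asserting that markup placed inside comments, including conditional-comment syntax, comes out inert after sanitizing and re-parsing. Whether lxml still strips conditional comments in this mode depends on the other `Cleaner` options, which continue past the end of the hunk, so that should be confirmed against the lxml version the project pins. A why-comment on the line would also help the next reader, e.g. `# keep HTML comments (#1555); conditional comments must still be stripped`.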