Zend_Filter_StripTags contains a flag, commentsAllowed, that, in previous versions, allowed you to optionally whitelist HTML comments in HTML text filtered by the class. However, enabling this flag exposes the code that does so to XSS attacks, particularly in Internet Explorer (which allows conditional functionality to be specified via HTML comments). Starting in version 1.9.7 (and backported to versions 1.8.5 and 1.7.9), the commentsAllowed flag no longer has any meaning, and all HTML comments, including those containing other HTML tags or nested comments, are stripped from the final output of the filter.
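As an added illustration (not taken from the Zend Framework manual or its test suite), the following PHP snippet runs the filter over a few constructed inputs, including an IE conditional comment and a nested comment, and checks that no comment markers survive. It assumes Zend Framework 1.9.7 or later is on the include path and that the allowComments constructor option is the one mapping to the deprecated commentsAllowed flag.

```php
<?php
// Added example, not from the Zend Framework manual. Shows that with
// Zend_Filter_StripTags 1.9.7+ HTML comments are always removed, even when
// the now-meaningless allowComments option is set to true and even when a
// comment wraps tags or nests another comment.
require_once 'Zend/Filter/StripTags.php';

// Constructed sample inputs: a plain comment, an IE conditional comment
// wrapping markup, and a comment that nests another comment.
$samples = array(
    'plain'       => 'Hello <!-- note --> world',
    'conditional' => 'Text <!--[if IE]><b>IE only</b><![endif]--> end',
    'nested'      => 'A <!-- outer <!-- inner --> still comment --> B',
);

// allowComments => true had an effect before 1.9.7; in 1.9.7+ it is ignored
// and comments are stripped regardless. <b> is whitelisted so that the
// conditional-comment case shows the tag going away together with the comment.
$filter = new Zend_Filter_StripTags(array(
    'allowTags'     => array('b'),
    'allowComments' => true,
));

// Returns true if any comment delimiter is still present in the output.
function commentsRemain($html)
{
    return strpos($html, '<!--') !== false || strpos($html, '-->') !== false;
}

foreach ($samples as $name => $html) {
    $out = $filter->filter($html);
    printf("%-12s %s\n", $name . ':', $out);
    if (commentsRemain($out)) {
        // Only expected on a version older than 1.9.7 / 1.8.5 / 1.7.9.
        echo "  WARNING: a comment survived the filter; upgrade Zend Framework\n";
    }
}
```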