I discovered a bug in Firefox's handling of HTML comments. HTML comments are broken by a double hyphen “--”.

On Bugzilla it was argued that this is not a bug and that the implementation follows the standard: http://www.w3.org/TR/html4/intro/sgmltut.html#h-3.2.4 .
The problem is that most web developers are probably not aware of this standard and this could lead to some unexpected results.

In the current version of Firefox (3.6.14) a “--” will close the comment, and everything after it will be rendered normally.
In other browsers this does not happen, and in the upcoming Firefox 4 it will not be a problem either, but the standard remains valid.
In Firefox 4 the double hyphen is still interpreted, but the comment is closed at the next “>”.

A good practice is not to put user input in HTML comments and expect that it will not show in the browser.
If you do need to do that, be aware that functions such as PHP’s htmlentities do not convert double hyphens.
Apparently WordPress knows about this so I can’t show you an example.
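
The point about htmlentities, as an added example that is not part of the original post: it shows the double hyphen surviving htmlentities and one way to encode text before placing it in a comment. The helper name `comment_safe` and the sample string are hypothetical.

```php
<?php
// Added example: comment_safe() is a hypothetical helper,
// not a PHP or WordPress built-in.

/**
 * Encode text so it cannot end the HTML comment it is embedded in.
 */
function comment_safe(string $text): string
{
    // htmlentities() converts <, >, & and quotes, so the ">" that
    // Firefox 4 treats as the end of the comment is already encoded.
    $encoded = htmlentities($text, ENT_QUOTES, 'UTF-8');

    // htmlentities() leaves "-" untouched, so "--" survives it.
    // Encoding every hyphen removes "--" and also stops a trailing
    // "-" from merging with the closing "-->".
    return str_replace('-', '&#45;', $encoded);
}

// Constructed sample input.
$input = 'internal note -- text after the hyphens <b>bold</b>';

$naive = htmlentities($input, ENT_QUOTES, 'UTF-8');
$safe  = comment_safe($input);

// Report whether each encoded form still contains a double hyphen
// or a raw ">" that could terminate the comment.
foreach (['htmlentities only' => $naive, 'comment_safe' => $safe] as $label => $value) {
    printf(
        "%-18s contains \"--\": %s, contains \">\": %s\n",
        $label,
        strpos($value, '--') !== false ? 'yes' : 'no',
        strpos($value, '>') !== false ? 'yes' : 'no'
    );
}

// The two comments as they would be written into the page.
echo "<!-- {$naive} -->\n";
echo "<!-- {$safe} -->\n";
```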