I just got a question in an anonymous comment about how I implemented the comment system I was telling about.

The source code for the comments, like all the other source code for my blog system, is in this git repository. Of particular interest is the code in comments.go and captcha.go.

comments.go contains fairly simple code to display and store comments and provide a backend page that allows me to delete comments.

Like all the blog software, SQLite is used for storage. But before the comments are saved, all HTML is first removed from the comment using the bluemonday library to prevent XSS attacks.

To prevent spam, captcha.go comes into play. This provides a Go HTTP middleware to display a captcha to be solved for requests. If someone wants to create a new comment, a captcha is displayed and if successfully solved, the original comment submission request is executed and it is stored in a cookie with a JWT token that the captcha was solved. Captchas are created using a captcha library.

After a comment is saved, a webmention is created with the post’s destination and I can accept or reject the comment in the webmention backend. If I click to accept, the comment will be displayed under the post.

I’ve been curious about implementing them on static sites, particularly without the use of Javascript.

One thing to keep in mind, however, is that my blog is no longer a static site. The comment feature is one of the features (like search) that would probably have been much harder to implement with a static site. I used to be a fan of static sites, too, but static sites also have limits on what functionality is possible and what is not.