Injects debug comments into HTML attribute values

[ravinggenius]

I have a widget that simply returns a URL to be used as the value of an anchor's href attribute. When debugging comments get injected, they end up inside the href value, which breaks the link. (HTML comments are not allowed inside HTML attributes or tags.)

Preconditions

1. magento/product-enterprise-edition: 2.2.5 via composer
2. Composer version 1.7.2 2018-08-16 16:57:12 via homebrew

Steps to reproduce

1. Create a widget template (referenced as Foo_Whatever::widget/link/href-only.phtml):

   <?php
   
   /** @var \Magento\Catalog\Block\Widget\Link $block */
   
   ?>
   
   <?php echo $block->getHref() ?>

2. Create a CMS entry with a link that uses a widget

   <a href="{{widget type="Magento\Cms\Block\Widget\Page\Link" template="Foo_Whatever::widget/link/href-only.phtml" page_id="42"}}">Find answers here!</a>

Expected result

1. The href value shouldn't be broken.

Actual result

1. HTML debug comments are inserted around the URL, breaking HTML spec and confusing user agents.

Would it be possible to optionally skip marking CMS variables? Or maybe allow for an admin-defined blacklist of templates to skip wrapping?