diff --git a/detect_secrets/plugins/common/constants.py b/detect_secrets/plugins/common/constants.py
index 3ae46b512..60eee25e5 100644
--- a/detect_secrets/plugins/common/constants.py
+++ b/detect_secrets/plugins/common/constants.py
@@ -6,11 +6,12 @@
 for r in [
 r'[ \t]+{} *pragma: ?whitelist[ -]secret{}[ \t]*$'.format(start, end)
 for start, end in (
- ('#', ''), # e.g. python or yaml
- ('//', ''), # e.g. golang
- (r'/\*', r' *\*/'), # e.g. c
- ('\'', ''), # e.g. visual basic .net
- ('--', ''), # e.g. sql
+ ('#', ''), # e.g. python or yaml
+ ('//', ''), # e.g. golang
+ (r'/\*', r' *\*/'), # e.g. c
+ ('\'', ''), # e.g. visual basic .net
+ ('--', ''), # e.g. sql
+ (r''), # e.g. xml
 # many other inline comment syntaxes are not included,
 # because we want to be performant for
 # any(regex.search(line) for regex in WHITELIST_REGEXES)
diff --git a/tests/plugins/high_entropy_strings_test.py b/tests/plugins/high_entropy_strings_test.py
index 9a1474210..b62e75be4 100644
--- a/tests/plugins/high_entropy_strings_test.py
+++ b/tests/plugins/high_entropy_strings_test.py
@@ -110,6 +110,10 @@ def test_analyze_multiple_strings_same_line(self, content_to_format, expected_re
 "'{secret}' ' pragma: whitelist secret",
 "'{secret}' -- pragma: whitelist secret",
 "'{secret}' -- pragma: whitelist secret",
+ "'{secret}' ",
+ "'{secret}' ",
+ "'{secret}' ",
+ "'{secret}' ",
 # Test high entropy exclude regex
 '"CanonicalUser": "{secret}"',
 # Not a string
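Review bot: The new `# e.g. xml` entry adds another trailing comment form that suppresses a finding, and nothing in this list scopes a syntax to a file type. Going by the comment below the tuple, every pattern is tried on every line via `any(regex.search(line) ...)`, so the XML form would presumably silence a detection in any scanned file; a short comment beside the tuple would make that explicit, e.g. `# NOTE: patterns are not file-type scoped; every entry here is another way to suppress a finding`. As rendered on this page the entry reads `(r'')`, a bare string rather than a `(start, end)` pair, which would not unpack in `for start, end in (...)`. This looks like comment delimiters lost in page extraction, so confirm in the repository that the entry has two elements and that its closing part is written like the C entry `r' *\*/'`, so the pragma still has to end the line. The enclosing list comprehension starts and ends outside the hunk.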
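Review bot: The four added cases in `high_entropy_strings_test.py` appear to be positive ones only (lines expected to be skipped, like the pragma lines around them), so nothing pins where the XML-style pragma must stop matching. Because the pattern in `constants.py` is anchored with `[ \t]*$`, a line with text after the closing delimiter should still be reported; a negative case such as `"'{secret}' <!-- pragma: whitelist secret --> trailing",` belongs wherever this module keeps inputs that must still be flagged. As rendered on this page the four strings are identical (`"'{secret}' "`), which suggests the comment markup was stripped in extraction; in the repository they presumably differ in spacing around the pragma. The parametrized list these entries belong to starts and ends outside the hunk.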