documented

OWASP · Apr 20, 2019 · e4eff4f · e4eff4f
1 parent 778d5c2
commit e4eff4f
Show file tree

Hide file tree

Showing 2 changed files with 10 additions and 1 deletion.
diff --git a/src/main/java/org/owasp/html/HtmlChangeListener.java b/src/main/java/org/owasp/html/HtmlChangeListener.java
@@ -34,6 +34,15 @@
  * Receives events when an HTML tag, or attribute is discarded.
  * This can be hooked into an intrusion detection system to alert code when
  * suspicious HTML passes through the sanitizer.
+ * <p>
+ * Note: If a string sanitizes with no change notifications, it is not the case
+ * that the input string is necessarily safe to use.
+ * Only use the output of the sanitizer.
+ * The sanitizer ensures that the output is in a sub-set of HTML that commonly
+ * used HTML parsers will agree on the meaning of, but the absence of
+ * notifications does not mean that the input is in such a sub-set,
+ * only that it does not contain structural features that were removed.
+ * </p>
  */
 public interface HtmlChangeListener<T> {
 

diff --git a/src/main/java/org/owasp/html/HtmlChangeReporter.java b/src/main/java/org/owasp/html/HtmlChangeReporter.java
@@ -35,7 +35,7 @@
 import javax.annotation.Nullable;
 
 /**
- * Sits between the HTML parser, and then policy, and the renderer so that it
+ * Sits between the HTML parser, the policy, and the renderer so that it
  * can report dropped elements and attributes to an {@link HtmlChangeListener}.
  *
  * <pre>