diff --git a/src/main/java/org/owasp/html/HtmlChangeListener.java b/src/main/java/org/owasp/html/HtmlChangeListener.java
index 67a7fe11..1ac1ee35 100644
--- a/src/main/java/org/owasp/html/HtmlChangeListener.java
+++ b/src/main/java/org/owasp/html/HtmlChangeListener.java
@@ -34,6 +34,15 @@
  * Receives events when an HTML tag, or attribute is discarded.
  * This can be hooked into an intrusion detection system to alert code when
  * suspicious HTML passes through the sanitizer.
+ *
+ * Note: If a string sanitizes with no change notifications, it is not the case
+ * that the input string is necessarily safe to use.
+ * Only use the output of the sanitizer.
+ * The sanitizer ensures that the output is in a sub-set of HTML that commonly
+ * used HTML parsers will agree on the meaning of, but the absence of
+ * notifications does not mean that the input is in such a sub-set,
+ * only that it does not contain structural features that were removed.
+ *
  */
 public interface HtmlChangeListener