From df9752e9c1bfd3eaff132b15817baa1c6e989506 Mon Sep 17 00:00:00 2001
From: Christopher Smith
Date: Wed, 10 Apr 2013 18:01:04 +0100
Subject: [PATCH] add comment to Unified Diff Formatter making it clear the output is unsafe for use in HTML as is

---
 inc/DifferenceEngine.php | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/inc/DifferenceEngine.php b/inc/DifferenceEngine.php
index e0fbf8e030..783d6bea5a 100644
--- a/inc/DifferenceEngine.php
+++ b/inc/DifferenceEngine.php
@@ -1004,6 +1004,8 @@ function inline() {
  * "Unified" diff formatter.
  *
  * This class formats the diff in classic "unified diff" format.
+ *
+ * NOTE: output is plain text and unsafe for use in HTML without escaping.
  */
 class UnifiedDiffFormatter extends DiffFormatter {
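Review bot: The added NOTE says the output needs escaping but not which escaping or for which context, so a caller can still apply the wrong one (escaping only `<`, or an attribute-context escape for body text); name the function and the context, e.g. `* NOTE: output is plain text; escape it with htmlspecialchars() (ENT_QUOTES, UTF-8) before embedding it in HTML body text.` It would also help to say that this applies to every line the formatter emits, not just the changed lines, since the diffed text is presumably page content under user control and the hunk headers are built from it too. The class body of UnifiedDiffFormatter opens on the last line of the hunk and continues outside it, so any method-level doc would have to go there.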