Add a note about JavaScript injections to README

russross · Feb 17, 2014 · 84ee8e6 · 84ee8e6
1 parent 2f50a53
commit 84ee8e6
Showing 1 changed file with 5 additions and 0 deletions.
diff --git a/README.md b/README.md
@@ -89,6 +89,11 @@ All features of upskirt are supported, including:
     known inputs that make it crash.  If you find one, please let me
     know and send me the input that does it.
 
+    NOTE: "safety" in this context means *runtime safety only*. It is
+    not bullet proof against JavaScript injections, though we're working
+    on it (https://github.com/russross/blackfriday/issues/11 tracks the
+    progress).
+
 *   **Fast processing**. It is fast enough to render on-demand in
     most web applications without having to cache the output.