From 84ee8e62f639b3084fda017e785aa74fe272b895 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Vytautas=20=C5=A0altenis?= <vytas@rtfb.lt>
Date: Mon, 17 Feb 2014 21:08:10 +0200
Subject: [PATCH] Add a note about JavaScript injections to README

---
 README.md | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/README.md b/README.md
index 12f1ed2..d837df3 100644
--- a/README.md
+++ b/README.md
@@ -89,6 +89,11 @@ All features of upskirt are supported, including:
     known inputs that make it crash.  If you find one, please let me
     know and send me the input that does it.
 
+    NOTE: "safety" in this context means *runtime safety only*. It is
+    not bullet proof against JavaScript injections, though we're working
+    on it (https://github.com/russross/blackfriday/issues/11 tracks the
+    progress).
+
 *   **Fast processing**. It is fast enough to render on-demand in
     most web applications without having to cache the output.