Add a note about JavaScript injections to README

2024-03-22 13:40:34 +08:00 · 2014-02-17 21:08:10 +02:00 · 2014-02-17 21:08:10 +02:00 · 84ee8e62f6
commit 84ee8e62f6
parent 2f50a53f8e
1 changed files with 5 additions and 0 deletions
--- a/README.md
+++ b/README.md
@ -89,6 +89,11 @@ All features of upskirt are supported, including:
    known inputs that make it crash.  If you find one, please let me
    know and send me the input that does it.

+    NOTE: "safety" in this context means *runtime safety only*. It is
+    not bullet proof against JavaScript injections, though we're working
+    on it (https://github.com/russross/blackfriday/issues/11 tracks the
+    progress).
+
 *   **Fast processing**. It is fast enough to render on-demand in
    most web applications without having to cache the output.