documented

mikesamuel · mikesamuel · commit e4eff4f8e995 · 2019-04-20T15:17:39.000-04:00
diff --git a/src/main/java/org/owasp/html/HtmlChangeListener.java b/src/main/java/org/owasp/html/HtmlChangeListener.java
@@ -34,6 +34,15 @@
  * Receives events when an HTML tag, or attribute is discarded.
  * This can be hooked into an intrusion detection system to alert code when
  * suspicious HTML passes through the sanitizer.
+ * <p>
+ * Note: If a string sanitizes with no change notifications, it is not the case
+ * that the input string is necessarily safe to use.
+ * Only use the output of the sanitizer.
+ * The sanitizer ensures that the output is in a sub-set of HTML that commonly
+ * used HTML parsers will agree on the meaning of, but the absence of
+ * notifications does not mean that the input is in such a sub-set,
+ * only that it does not contain structural features that were removed.
+ * </p>
  */
 public interface HtmlChangeListener<T> {
 
diff --git a/src/main/java/org/owasp/html/HtmlChangeReporter.java b/src/main/java/org/owasp/html/HtmlChangeReporter.java
@@ -35,7 +35,7 @@
 import javax.annotation.Nullable;
 
 /**
- * Sits between the HTML parser, and then policy, and the renderer so that it
+ * Sits between the HTML parser, the policy, and the renderer so that it
  * can report dropped elements and attributes to an {@link HtmlChangeListener}.
  *
  * <pre>

Original file line number	Diff line number	Diff line change
`@@ -35,7 +35,7 @@`
`35`	`35`	`import javax.annotation.Nullable;`
`36`	`36`
`37`	`37`	`/**`
`38`		`- * Sits between the HTML parser, and then policy, and the renderer so that it`
	`38`	`+ * Sits between the HTML parser, the policy, and the renderer so that it`
`39`	`39`	`* can report dropped elements and attributes to an {@link HtmlChangeListener}.`
`40`	`40`	`*`
`41`	`41`	`* <pre>`