From a83e8b4697cbc8380126f54d150bb7f90bb418cf Mon Sep 17 00:00:00 2001
From: "Edward Z. Yang"
Date: Sat, 26 Mar 2011 00:35:17 +0000
Subject: [PATCH] Add note about poor interaction with JavaScript.
Signed-off-by: Edward Z. Yang
---
index.xhtml | 8 +++++---
1 file changed, 5 insertions(+), 3 deletions(-)
diff --git a/index.xhtml b/index.xhtml
index 901da25..bba506e 100644
--- a/index.xhtml
+++ b/index.xhtml
@@ -122,9 +122,11 @@
To my knowledge, there is nothing else in the wild that offers
protection from XSS, standards-compliance, and
- corrective processing of poorly formed HTML.
- But don't take my word for it:
- do your research and try out the demo.
+ corrective processing of poorly formed HTML. HTML
+ Purifier is not perfect; it can interact poorly with existing
+ JavaScript on websites, which can introduces vulnerabilities after the
+ fact. However, it is pretty damn good.
+ Do your research and try out the demo.
To find out more, you can read the
Comparison
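Review bot: The added sentence has a grammar slip, "which can introduces vulnerabilities" should be "which can introduce vulnerabilities". The caveat is also too vague to act on: it says HTML Purifier "can interact poorly with existing JavaScript" but not what kind of script behaviour reintroduces a vulnerability after purification or where a reader can find out more. Consider adding a short pointer to documentation on this, the same way the paragraph already points readers to the demo and the Comparison.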
--
2.11.4.GIT