From b94756bbf0c9817bff5824dd1ffd76adccdbba82 Mon Sep 17 00:00:00 2001
From: jvoisin
Date: Tue, 27 Feb 2024 13:23:47 +0100
Subject: [PATCH] Add a warning for StripTags

---
 internal/reader/sanitizer/strip_tags.go | 1 +
 1 file changed, 1 insertion(+)

diff --git a/internal/reader/sanitizer/strip_tags.go b/internal/reader/sanitizer/strip_tags.go
index 91d4901f..763601e2 100644
--- a/internal/reader/sanitizer/strip_tags.go
+++ b/internal/reader/sanitizer/strip_tags.go
@@ -11,6 +11,7 @@ import (
 )
 // StripTags removes all HTML/XML tags from the input string.
+// This function must *only* be used for cosmetic purposes, not to prevent code injections like XSS.
 func StripTags(input string) string {
 	tokenizer := html.NewTokenizer(bytes.NewBufferString(input))
 	var buffer bytes.Buffer
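Review bot: The added doc line on StripTags says what the function must not be used for but not why, so a caller cannot tell whether their case counts as "cosmetic" or what they still have to do with the result; state the concrete contract next to it, e.g. `// The result is plain text, not sanitized HTML: it is not escaped, and whatever the tokenizer below yields as text (which can include the body of raw-text elements such as <script>/<style>, entities, and fragments of malformed markup) is passed through, so callers must still HTML-escape it before rendering.` — the exact guarantee depends on how the tokenizer loop handles text and raw-text tokens, which is outside this hunk, so adjust the wording to match that loop. Making the warning actionable would also help: if this `sanitizer` package exposes a function meant for untrusted HTML, name it in the comment as the thing to use instead of StripTags for XSS prevention (I cannot see the rest of the package to confirm such a function exists). Keeping the warning in the godoc comment, as done here, is the right place, since it surfaces in editors and `go doc`; consider phrasing it as a plain sentence rather than with `*only*` emphasis, which gofmt/godoc do not render. The body of StripTags continues past the end of the hunk.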