From 80aa9a2d52f2fcbffd6e15d208b8ead5886900b1 Mon Sep 17 00:00:00 2001 From: Waylan Limberg Date: Wed, 9 Mar 2011 22:53:10 -0500 Subject: Documented concern raised in Ticket 85. Added a warning that enabling safe_mode does not turn off attributes, so they should be turned off separately. --- docs/using_as_module.txt | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/docs/using_as_module.txt b/docs/using_as_module.txt index 9031c4e..7c9008d 100644 --- a/docs/using_as_module.txt +++ b/docs/using_as_module.txt @@ -54,6 +54,10 @@ You should also use this method if you want to process multiple strings: html1 = md.convert(text1) html2 = md.convert(text2) +Any options accepted by the `Markdown` class are also accepted by the +`markdown` shortcut function. However, a new instant of the class will be +created each time the shortcut function is called. + Working with Files ------------------ @@ -122,6 +126,10 @@ still create links using Markdown syntax.) * To escape HTML, set ``safe_mode="escape"``. The HTML will be escaped and included in the document. +Note that "safe_mode" does not alter the "enable_attributes" option, which +could allow someone to inject javascript (i.e., `{@onclick=alert(1)}`). You +may also want to set `enable_attributes=False` when using "safe_mode". + Output Formats -------------- -- cgit v1.2.3
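Review bot: Typo in the first hunk (@@ -54,6 +54,10 @@): "a new instant of the class" should read "a new instance of the class". While touching that sentence, it would help the reader to spell out the consequence of the new instance per call, which is the reason the preceding paragraph recommends reusing one `Markdown` object when processing multiple strings; something like "a new instance of the class will be created each time the shortcut function is called, so prefer the class when converting many strings" keeps the two paragraphs consistent with each other.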
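Review bot: The warning in the second hunk (@@ -122,6 +126,10 @@) is too soft for a security note: "You may also want to set `enable_attributes=False`" reads as optional, but the point of the hunk is that `safe_mode` alone leaves the `{@onclick=alert(1)}` vector open, so anyone passing `safe_mode` because the input is untrusted needs to set it. Suggest "If you are using `safe_mode` because the input is untrusted, you should also set `enable_attributes=False`." Two smaller points in the same lines: "i.e." should be "e.g." (the onclick payload is one example, not a definition), and the option names are quoted inconsistently ("safe_mode" and "enable_attributes" in double quotes, `enable_attributes=False` in single backticks) while the surrounding list uses double backticks (``safe_mode="escape"``); the new paragraph should follow the existing convention.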