From daaf0cbe16802a31f1c49c46ec00f248bf8d0128 Mon Sep 17 00:00:00 2001
From: Kai <me@kai.enterprises>
Date: Fri, 14 Mar 2025 23:55:54 +0100
Subject: [PATCH] docs: add warning about xss

---
 src/DocumentComponent.ts | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/src/DocumentComponent.ts b/src/DocumentComponent.ts
index bbd60ba..9d4f0a1 100644
--- a/src/DocumentComponent.ts
+++ b/src/DocumentComponent.ts
@@ -27,6 +27,9 @@ export class DocumentComponent extends NodeComponent<DocumentFragment> {
     /**
      * Template literal tag function that accepts HTML code with components in a
      * string literal
+     *
+     * @warning This method should only be used with trusted inputs
+     * to avoid XSS vulnerabilities.
      */
     public static tag(strings: TemplateStringsArray, ...components: (any | NodeComponent<any>)[]): DocumentComponent {
         const idPrefix = `tag-${crypto.randomUUID()}-`;