diff --git a/internal/reader/sanitizer/strip_tags.go b/internal/reader/sanitizer/strip_tags.go
index 91d4901f..763601e2 100644
--- a/internal/reader/sanitizer/strip_tags.go
+++ b/internal/reader/sanitizer/strip_tags.go
@@ -11,6 +11,7 @@ import (
 )
 
 // StripTags removes all HTML/XML tags from the input string.
+// This function must *only* be used for cosmetic purposes, not to prevent code injections like XSS.
 func StripTags(input string) string {
 tokenizer := html.NewTokenizer(bytes.NewBufferString(input))
 var buffer bytes.Buffer
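Review bot: The added doc comment on StripTags states the caveat but not the reason, so a reader still cannot tell what makes the result unsafe to treat as sanitized; if, as the tokenizer-based body suggests, the surviving text is appended to the buffer verbatim, the comment should say that the returned text is not HTML-escaped. Go doc comments do not render emphasis, so `*only*` will show up literally in godoc; plain wording reads better. Suggested replacement for the two comment lines: `// StripTags removes all HTML/XML tags from the input string; the remaining text is returned as-is, without escaping.` followed by `// Use it only for cosmetic purposes (titles, previews). It is not a defense against XSS or other injection; untrusted content must go through the HTML sanitizer instead.` The body of StripTags continues outside the hunk.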