From 73dec8383e517a251ffe1f0c51d65627b281519d Mon Sep 17 00:00:00 2001 From: jvoisin Date: Mon, 21 Jan 2019 00:28:47 +0100 Subject: Document the point of having a black-list approach for eval --- doc/source/features.rst | 5 +++++ 1 file changed, 5 insertions(+) (limited to 'doc/source') diff --git a/doc/source/features.rst b/doc/source/features.rst index 9bd9907..e3ae876 100644 --- a/doc/source/features.rst +++ b/doc/source/features.rst @@ -386,6 +386,11 @@ it's broadly (mis)used all around the web. Snuffleupagus provides a white and blacklist mechanism, to explicitly allow and forbid specific functions call from being issued inside ``eval``. +While it's heavily recommended to only use the whitelist feature, the blacklist +one exists because some adminsys might want to use it to catch automated +script-kiddies attacks, while being confident that doing so won't break a +single website. + .. _samesite-feature: Protection against cross site request forgery -- cgit v1.3
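Review bot: the added paragraph in doc/source/features.rst overstates the blacklist guarantee: "being confident that doing so won't break a single website" only holds if no legitimate site calls a blacklisted function inside ``eval``, so suggest softening it to "while being reasonably confident that it won't break legitimate sites" (or similar). The same paragraph also has wording issues worth fixing before merge: "adminsys" should be "sysadmins" (or "administrators"), "heavily recommended" reads better as "strongly recommended", and "script-kiddies attacks" should be "script-kiddie attacks".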