diff --git a/epdb/views.py b/epdb/views.py
index 2fb47668..dc6f7f68 100644
--- a/epdb/views.py
+++ b/epdb/views.py
@@ -158,6 +158,7 @@ def register(request):
 if next := request.POST.get("next"):
 context["next"] = next
+ # We are not allowing usernames or emails to contain any html (unlike using tags=s.ALLOWED_HTML_TAGS elsewhere)
 username = nh3.clean(request.POST.get("username", "")).strip()
 email = nh3.clean(request.POST.get("email", "")).strip()
 password = request.POST.get("password", "").strip()
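Review bot: The added comment says usernames and emails may not contain any HTML, but the two `nh3.clean(...)` calls below it pass no `tags` argument, and nh3 then falls back to its built-in default allowlist rather than an empty one, so tags from that default set would survive in both fields. If the intent is the one the comment states, pass an empty set explicitly: `username = nh3.clean(request.POST.get("username", ""), tags=set()).strip()`, and the same for `email`. Because cleaning rewrites the value instead of rejecting it, the stored username can differ from what the user typed and may collide with an existing name; validating against an allowed character set and returning a form error would be stricter. register()'s body starts and ends outside the hunk, so any later validation of these fields is not visible here.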