From c663eaf7bd0f44c1083a3f52360ca494162ea75b Mon Sep 17 00:00:00 2001
From: Liam Brydon <62733830+MyCreativityOutlet@users.noreply.github.com>
Date: Wed, 22 Oct 2025 10:55:49 +1300
Subject: [PATCH] comment

---
 epdb/views.py | 1 +
 1 file changed, 1 insertion(+)

diff --git a/epdb/views.py b/epdb/views.py
index 2fb47668..dc6f7f68 100644
--- a/epdb/views.py
+++ b/epdb/views.py
@@ -158,6 +158,7 @@ def register(request):
         if next := request.POST.get("next"):
             context["next"] = next
 
+        # We are not allowing usernames or emails to contain any html (unlike using tags=s.ALLOWED_HTML_TAGS elsewhere)
         username = nh3.clean(request.POST.get("username", "")).strip()
         email = nh3.clean(request.POST.get("email", "")).strip()
         password = request.POST.get("password", "").strip()