Remove somewhat braindead comments

On second thought, if you're outputting user-supplied JS without careful
validation, it doesn't really matter if it's HTML-escaped or not.  :D
CSS has expr() and such too.

diff --git a/includes/Html.php b/includes/Html.php
index 57f9ba0..ae10ac6 100644 (file)
--- a/includes/Html.php
+++ b/includes/Html.php
@@ -194,10 +194,6 @@ class Html {
         * escaping as well, like if $contents contains literal '</script>' or (for
         * XML) literal "]]>".
         *
-        * Note that $contents will not be escaped, since JS may legitimately
-        * contain unescaped characters like "<".  Make sure you don't output
-        * untrusted user input here!
-        *
         * @param $contents string JavaScript
         * @return string Raw HTML
         */
@@ -234,10 +230,6 @@ class Html {
         * (if any).  TODO: do some useful escaping as well, like if $contents
         * contains literal '</style>' (admittedly unlikely).
         *
-        * Note that $contents will not be escaped, since CSS may legitimately
-        * contain unescaped characters like "<".  Make sure you don't output
-        * untrusted user input here!
-        *
         * @param $contents string CSS
         * @param $media mixed A media type string, like 'screen', or null for all
         *   media