some more documentation updates and minor code cleanups. Additionally True and true in the template are the same now, same for false/False and none/None.
--HG--
branch : trunk
diff --git a/docs/sandbox.rst b/docs/sandbox.rst
index f6ec78c..bb0ca9f 100644
--- a/docs/sandbox.rst
+++ b/docs/sandbox.rst
@@ -29,3 +29,18 @@
.. autofunction:: is_internal_attribute
.. autofunction:: modifies_known_mutable
+
+.. admonition:: Note
+
+ The Jinja2 sandbox alone is no solution for perfect security. Especially
+ for web applications you have to keep in mind that users may create
+ templates with arbitrary HTML in so it's crucial to ensure that (if you
+ are running multiple users on the same server) they can't harm each other
+ via JavaScript insertions and much more.
+
+ Also the sandbox is only as good as the configuration. We stronly
+ recommend only passing non-shared resources to the template and use
+ some sort of whitelisting for attributes.
+
+ Also keep in mind that templates may raise runtime or compile time errors,
+ so make sure to catch them.
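Review bot: The second paragraph of the new admonition has a typo and a broken parallel construction: "We stronly recommend only passing non-shared resources to the template and use some sort of whitelisting" should read "We strongly recommend only passing non-shared resources to the template and using some sort of whitelisting". In the first paragraph, "templates with arbitrary HTML in so it's crucial" ends on a dangling "in"; "templates containing arbitrary HTML, so it's crucial" reads more cleanly. The advice itself is too vague to act on. "Some sort of whitelisting for attributes" does not say where such a check is hooked in, and "make sure to catch them" does not name the exception types a caller should handle. Since this note sits directly under the autofunction entries for is_internal_attribute and modifies_known_mutable, consider cross-referencing the relevant sandbox hooks and listing the exceptions explicitly. Finally, the commit message mentions a behaviour change (True/true, false/False and none/None being treated the same in templates), which would be better split out from a documentation-only change to docs/sandbox.rst.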