diff --git a/docs/ref/templates/builtins.txt b/docs/ref/templates/builtins.txt
index e2734c9747..4b1a6be7cf 100644
--- a/docs/ref/templates/builtins.txt
+++ b/docs/ref/templates/builtins.txt
@@ -1875,15 +1875,27 @@ Removes a space-separated list of [X]HTML tags from the output.
For example::
- {{ value|removetags:"b span"|safe }}
+ {{ value|removetags:"b span" }}
If ``value`` is ``"Joel a slug"`` the
-output will be ``"Joel a slug"``.
+unescaped output will be ``"Joel a slug"``.
Note that this filter is case-sensitive.
If ``value`` is ``"Joel a slug"`` the
-output will be ``"Joel a slug"``.
+unescaped output will be ``"Joel a slug"``.
+
+.. admonition:: No safety guarantee
+
+ Note that ``removetags`` doesn't give any guarantee about its output being
+ HTML safe. In particular, it doesn't work recursively, so an input like
+ ``"ript>alert('XSS')ript>"`` won't be safe even if
+ you apply ``|removetags:"script"``. So if the input is user provided,
+ **NEVER** apply the ``safe`` filter to a ``removetags`` output. If you are
+ looking for something more robust, you can use the ``bleach`` Python
+ library, notably its `clean`_ method.
+
+.. _clean: http://bleach.readthedocs.org/en/latest/clean.html
.. templatefilter:: rjust
@@ -2000,10 +2012,10 @@ output will be ``"Joel is a slug"``.
.. admonition:: No safety guarantee
Note that ``striptags`` doesn't give any guarantee about its output being
- entirely HTML safe, particularly with non valid HTML input. So **NEVER**
- apply the ``safe`` filter to a ``striptags`` output.
- If you are looking for something more robust, you can use the ``bleach``
- Python library, notably its `clean`_ method.
+ HTML safe, particularly with non valid HTML input. So **NEVER** apply the
+ ``safe`` filter to a ``striptags`` output. If you are looking for something
+ more robust, you can use the ``bleach`` Python library, notably its
+ `clean`_ method.
.. _clean: http://bleach.readthedocs.org/en/latest/clean.html