From 4ae79170c9f79f2fa73871131580f2bff1de11f9 Mon Sep 17 00:00:00 2001
From: Krzysztof Kotowicz <koto@google.com>
Date: Fri, 19 Jan 2024 12:00:21 +0100
Subject: [PATCH] Added a comment about fromLiteral. (#409)

Closes #393.
---
 spec/index.bs | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/spec/index.bs b/spec/index.bs
index 1b91dda..70a1db6 100644
--- a/spec/index.bs
+++ b/spec/index.bs
@@ -1564,9 +1564,8 @@ Content-Security-Policy: require-trusted-types-for 'script'; trusted-types one t
 
 <div class="example" id="header-that-allows-no-policy-names">
 An empty [=directive=] [=directive/value=] indicates policies may not be created,
-and sinks expect Trusted Type values, i.e. no DOM XSS [=injection sinks=] can be used
-at all.
-
+and sinks expect Trusted Type values, i.e. DOM XSS [=injection sinks=] cannot be used
+with dynamic values. Values for those sinks can only be created by <code>fromLiteral</code> tag functions.
 <pre class="http">
 Content-Security-Policy: trusted-types; require-trusted-types-for 'script'
 </pre>