diff --git a/src/editor/model.js b/src/editor/model.js
index b3d6682f79..e4170d88dd 100644
--- a/src/editor/model.js
+++ b/src/editor/model.js
@@ -45,6 +45,7 @@ export default class EditorModel {
     }
 
     _diff(newValue, inputType, caret) {
+        // can't use caret position with drag and drop
         if (inputType === "deleteByDrag") {
             return diffDeletion(this._previousValue, newValue);
         } else {
diff --git a/src/editor/parse-event.js b/src/editor/parse-event.js
index 711529defe..b4dc22ee4e 100644
--- a/src/editor/parse-event.js
+++ b/src/editor/parse-event.js
@@ -19,6 +19,9 @@ import { PlainPart, UserPillPart, RoomPillPart } from "./parts";
 
 function parseHtmlMessage(html) {
     const REGEX_MATRIXTO = new RegExp(MATRIXTO_URL_PATTERN);
+    // no nodes from parsing here should be inserted in the document,
+    // as scripts in event handlers, etc would be executed then.
+    // we're only taking text, so that is fine
     const nodes = Array.from(new DOMParser().parseFromString(html, "text/html").body.childNodes);
     const parts = nodes.map(n => {
         switch (n.nodeType) {