diff --git a/TODO b/TODO
new file mode 100644
index 0000000..1f7d5ea
--- /dev/null
+++ b/TODO
@@ -0,0 +1,2 @@
+specific test cases: http://ha.ckers.org/xss.html
+expanded white-lists as mentioned in README