diff --git a/njsscan/rules/semantic_grep/xss/xss_templates.yaml b/njsscan/rules/semantic_grep/xss/xss_templates.yaml index 5c46c91..06c36ec 100644 --- a/njsscan/rules/semantic_grep/xss/xss_templates.yaml +++ b/njsscan/rules/semantic_grep/xss/xss_templates.yaml @@ -4,8 +4,7 @@ rules: - pattern: $X.SafeString(...) - pattern: new Handlebars.SafeString(...) message: >- - Handlebars SafeString will not escape the data passed through it. - Untrusted user input passing through SafeString can cause XSS. + When you use SafeString or triple curly braces ({{{ }}}), Handlebars does not escape the content, allowing raw HTML to be rendered in the browser. This is useful if you want to insert valid HTML content into your template, like bold text () or links (), but it becomes dangerous if you are dealing with untrusted or user-generated content, as it can cause a Cross-site scripting attack (XSS). You should only use SafeString when the content is trusted. For example, if the content is generated by the server and does not come from user input or an untrusted source. If you are dealing with user-generated content, make sure to sanitize it to remove any malicious scripts before marking it as "safe". languages: - javascript severity: ERROR
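Review bot: the new `message:` text in this hunk has two problems. First, the examples "bold text () or links ()" have empty parentheses, which reads as though the intended HTML tag examples were stripped when the YAML was edited; either put the tag names back (quoted so the YAML folded scalar and any HTML rendering of the finding do not eat them) or drop the parenthetical entirely. Second, the message now says the finding covers "SafeString or triple curly braces ({{{ }}})", but the rule's patterns in this file only match `$X.SafeString(...)` and `new Handlebars.SafeString(...)`; a reader of the finding will assume triple-stash usage was also checked when it was not. Either add a pattern for the triple-brace case (if the template syntax is matchable by this rule type) or reword the message so it only describes what the patterns actually detect. On wording, "sanitize it to remove any malicious scripts before marking it as 'safe'" is weaker guidance than the original text implied: for untrusted content the safer recommendation is to leave it to Handlebars' default escaping (double braces) rather than sanitize and then wrap in SafeString, so consider stating that as the preferred fix and presenting sanitization only as the fallback when raw HTML is genuinely required.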