diff --git a/libraries/sanitizing.lib.php b/libraries/sanitizing.lib.php
index abac19da9..3ba7224b9 100644
--- a/libraries/sanitizing.lib.php
+++ b/libraries/sanitizing.lib.php
@@ -7,11 +7,20 @@
 
 /**
  * Sanitizes $message, taking into account our special codes
- * for formatting
+ * for formatting.
+ *
+ * If you want to include result in element attribute, you should escape it.
+ *
+ * Examples:
+ *
+ * <p><?php echo PMA_sanitize($foo); ?></p>
+ *
+ * <a title="<?php echo PMA_sanitize($foo, true); ?>">bar</a>
  *
  * @uses    preg_replace()
  * @uses    strtr()
  * @param   string   the message
+ * @param   boolean  whether to escape html in result
  *
  * @return  string   the sanitized message
  *