--- cvsroot/JSON-XS/XS.pm	2007/06/25 04:21:14	1.46
+++ cvsroot/JSON-XS/XS.pm	2007/06/25 06:57:42	1.47
@@ -395,8 +395,23 @@
 Setting the maximum depth to one disallows any nesting, so that ensures
 that the object is only a single hash/object or array.
 
-The argument to C<max_depth> will be rounded up to the next nearest power
-of two.
+The argument to C<max_depth> will be rounded up to the next highest power
+of two. If no argument is given, the highest possible setting will be
+used, which is rarely useful.
+
+See SECURITY CONSIDERATIONS, below, for more info on why this is useful.
+
+=item $json = $json->max_size ([$maximum_string_size])
+
+Set the maximum length a JSON text may have (in bytes) where decoding is
+being attempted. The default is C<0>, meaning no limit. When C<decode>
+is called on a string longer then this number of characters it will not
+attempt to decode the string but throw an exception. This setting has no
+effect on C<encode> (yet).
+
+The argument to C<max_size> will be rounded up to the next B<highest>
+power of two (so may be more than requested). If no argument is given, the
+limit check will be deactivated (same as when C<0> is specified).
 
 See SECURITY CONSIDERATIONS, below, for more info on why this is useful.
 
@@ -754,7 +769,9 @@
 resources run out, thats just fine (e.g. by using a separate process that
 can crash safely). The size of a JSON text in octets or characters is
 usually a good indication of the size of the resources required to decode
-it into a Perl structure.
+it into a Perl structure. While JSON::XS can check the size of the JSON
+text, it might be too late when you already have it in memory, so you
+might want to check the size before you accept the string.
 
 Third, JSON::XS recurses using the C stack when decoding objects and
 arrays. The C stack is a limited resource: for instance, on my amd64