diff --git a/app/assets/javascripts/editor/execution.js.erb b/app/assets/javascripts/editor/execution.js.erb
index 32035828..a5126462 100644
--- a/app/assets/javascripts/editor/execution.js.erb
+++ b/app/assets/javascripts/editor/execution.js.erb
@@ -4,6 +4,7 @@ CodeOceanEditorWebsocket = {
   createSocketUrl: function(url) {
       var sockURL = new URL(window.location);
       sockURL.pathname = url;
+      // sanitize socket protocol string, strip trailing slash and other malicious chars if they are there
       sockURL.protocol = '<%= DockerClient.config['ws_client_protocol']&.match(/(\w+):*\/*/)&.to_a&.at(1) %>:';
 
       // strip anchor if it is in the url