Add security warning

Author: rbrundritt

articles/azure-maps/how-to-use-spatial-io-module.md

@@ -23,6 +23,9 @@ The Azure Maps Web SDK provides the **Spatial IO module**, which integrates spat
 
 In this guide, we'll learn how to integrate and use the Spatial IO module in a web application.
 
+> [!WARNING]
+> Only use data and services that are from a source you trust, especially if referencing it from another domain. The spatial IO module does take steps to minimize risk, however the safest approach is too not allow any danagerous data into your application to begin with. 
+
 ## Prerequisites
 
 Before you can use the Spatial IO module, you'll need to [make an Azure Maps account](https://docs.microsoft.com/azure/azure-maps/quick-demo-map-app#create-an-account-with-azure-maps) and [get the primary subscription key for your account](https://docs.microsoft.com/azure/azure-maps/quick-demo-map-app#get-the-primary-key-for-your-account).

articles/azure-maps/map-add-popup.md

@@ -102,6 +102,14 @@ By default, the popup has a white background, a pointer arrow on the bottom, and
 
 Popup templates make it easy to create data driven layouts for popups. The sections below demonstrates the use of various popup templates to generate formatted content using properties of features.
 
+> [!NOTE]
+> By default, all content rendered use the popup template will be sandboxed inside of an iframe as a security feature. However, there are limitations:
+>
+> - All scripts, forms, pointer lock and top navigation functionality is disabled. Links are allowed to open up in a new tab when clicked. 
+> - Older browsers that don't support the `srcdoc` parameter on iframes will be limited to rendering a small amount of content.
+> 
+> If you trust the data being loaded into the popups and potentially want these scripts loaded into popups be able to access your application, you can disable this by setting the popup templates `sandboxContent` option to false. 
+
 ### String template
 
 The String template replaces placeholders with values of the feature properties. The properties of the feature don't have to be assigned a value of type String. For example, `value1` holds an integer. These values are then passed to the content property of the `popupTemplate`. 

articles/azure-maps/spatial-io-add-simple-data-layer.md

@@ -69,6 +69,14 @@ For example when parsing XML data feeds, you may not know the exact styles and g
 </iframe>
 
 
+> [!NOTE]
+> This simple data layer uses the [popup template](map-add-popup.md#add-popup-templates-to-the-map) class to display KML balloons or feature properties as a table. By default, all content rendered in the popup will be sandboxed inside of an iframe as a security feature. However, there are limitations:
+>
+> - All scripts, forms, pointer lock and top navigation functionality is disabled. Links are allowed to open up in a new tab when clicked. 
+> - Older browsers that don't support the `srcdoc` parameter on iframes will be limited to rendering a small amount of content.
+> 
+> If you trust the data being loaded into the popups and potentially want these scripts loaded into popups be able to access your application, you can disable this by setting the popup templates `sandboxContent` option to false. 
+
 ## Default supported style properties
 
 As mentioned earlier, the simple data layer wraps several of the core rendering layers: bubble, symbol, line, polygon, and extruded polygon. It then uses expressions to search for valid style properties on individual features.

articles/azure-maps/spatial-io-read-write-spatial-data.md

@@ -77,7 +77,7 @@ atlas.io.read('https://nonCorsDomain.example.com/mySuperCoolData.xml', {
 
 ```
 
-The last demo below shows how to read a delimited file and render it on the map. In this case, the code uses a CSV file that has spatial data columns.
+The demo below shows how to read a delimited file and render it on the map. In this case, the code uses a CSV file that has spatial data columns.
 
 <br/>