docs(CHANGELOG.md): more explicitly mention that the usemap posed security risks

(Related to #13826 (comment).)

Author: gkalpak

CHANGELOG.md

@@ -35,7 +35,7 @@ changes section for more information
   - do not trigger animations if the document is hidden
   ([a3a7afd3](https://github.com/angular/angular.js/commit/a3a7afd3aa70d981b0210088df53fa2cf68d3a3d),
    [#12842](https://github.com/angular/angular.js/issues/12842), [#13776](https://github.com/angular/angular.js/issues/13776))
-- **ngSanitize:** Blacklist the attribute `usemap`
+- **ngSanitize:** blacklist the attribute `usemap` as it can be used as a security exploit
   ([234053fc](https://github.com/angular/angular.js/commit/234053fc9ad90e0d05be7e8359c6af66be94c094))
 - **ngTouch:** deprecate ngClick and disable it by default
   ([0dfc1dfe](https://github.com/angular/angular.js/commit/0dfc1dfebf26af7f951f301c4e3848ac46f05d7f),

docs/content/guide/migration.ngdoc

@@ -158,9 +158,9 @@ service does not have access to the resource in order to sanitize it.
 
 Similarly, due to [234053fc](https://github.com/angular/angular.js/commit/234053fc9ad90e0d05be7e8359c6af66be94c094),
 the `$sanitize` service will now also remove instances of the `usemap` attribute from any elements
-passedto it. This attribute is used to reference another element by `name` or `id`. Since the `name`
-and `id` attributes are already blacklisted, a sanitized `usemap` attribute could only reference
-unsanitized content, which is a security risk.
+passed to it. This attribute is used to reference another element by `name` or `id`. Since the
+`name` and `id` attributes are already blacklisted, a sanitized `usemap` attribute could only
+reference unsanitized content, which is a security risk.
 
 Due to [98c2db7f](https://github.com/angular/angular.js/commit/98c2db7f9c2d078a408576e722407d518c7ee10a),
 passing a non-string value (other than `undefined` or `null`) through the `linky` filter will throw