Thanks to @Gusted for #151, which fixes a bug where a policy could be defined in such a way that input could leave an empty and meaningless element in the output when it should not have.
This is not a security issue, and the details can be seen in the PR comment.