Update TimingAttackAgainstHeader.qhelp

Author: smowton

java/ql/src/experimental/Security/CWE/CWE-208/TimingAttackAgainstHeader.qhelp

@@ -20,9 +20,7 @@ and does not depend on the contents of the arrays.
 <example>
 <p>
 The following example uses <code>Arrays.equals()</code> method for validating a csrf token.
-This method implements a non-constant-time algorithm.
-
-In the same example i use a safe constant-time algorithm for validating.
+This method implements a non-constant-time algorithm. The example also demonstrates validation using a safe constant-time algorithm.
 </p>
 <sample src="csrfComparison.java" />
 </qhelp>