apply suggestions from doc review

Co-authored-by: mc <[email protected]>

Author: erik-krogh

javascript/ql/src/Security/CWE-347/MissingJWTKeyVerification.qhelp

@@ -2,12 +2,12 @@
 
 <overview>
 <p>
-Applications decoding JSON Web Token (JWT) may be misconfigured due to the <code>None</code> algorithm.
+Applications decoding JSON Web Tokens (JWT) may be misconfigured due to the <code>None</code> algorithm.
 </p>
 <p>
 The <code>None</code> algorithm is selected by calling the <code>verify()</code> function with a falsy value
 instead of a cryptographic secret or key. The <code>None</code> algorithm disables the integrity enforcement of
-a JWT payload and may allow a malicious actor to make any desired changes to a JWT payload leading
+a JWT payload and may allow a malicious actor to make unintended changes to a JWT payload leading
 to critical security issues like privilege escalation.
 </p>
 
@@ -21,8 +21,8 @@ Calls to <code>verify()</code> functions should use a cryptographic secret or ke
 
 <example>
 <p>
-In the example below <code>false</code> is used to disable the integrity enforcement of a JWT payload. 
-This may allow a malicious actor to make any desired changes to a JWT payload.
+In the example below, <code>false</code> is used to disable the integrity enforcement of a JWT payload. 
+This may allow a malicious actor to make changes to a JWT payload.
 </p>
 
 <sample src="examples/missing-key-verification-bad.js" />

javascript/ql/src/change-notes/2022-01-25-missing-jwt-verification.md

@@ -1,4 +1,4 @@
 ---
 category: newQuery
 ---
-* A new query `js/jwt-missing-verification` has been added. The query detects applications that does not verify JWT tokens.
+* A new query `js/jwt-missing-verification` has been added. The query detects applications that don't verify JWT tokens.