Editorial: Fix a couple of typos/misspellings (w3c#20)

Author: sideshowbarker

index.bs

@@ -213,7 +213,7 @@ The following seems like a good place to start:
     They cannot consistently separate same-site or same-origin windows into distinct processes given
     the potential for synchronous access between the windows.
 
-4.  User agents cannot yet consistently seperate framed origins into processes distinct from their
+4.  User agents cannot yet consistently separate framed origins into processes distinct from their
     embedders' origin.
 
     Note: Though some user agents support out-of-process frames [[OOPIF]], no agent supports it
@@ -289,7 +289,7 @@ seem generally applicable:
         into an [=opaque origin=].
 
         Note: Some servers deliver `Content-Disposition: attachment; filename=file.name` to obtain
-        a similar effect. This was valuable to mitigate vulnerabilies in Flash, but the sandbox
+        a similar effect. This was valuable to mitigate vulnerabilities in Flash, but the sandbox
         approach seems to more straightforwardly address the threats we care about today.
 
     *   Asserting the <a http-header>`Cross-Origin-Opener-Policy`</a> header with a value of