Apply suggestions from code review

atorralba · guntrip · atorralba · commit 28369d1822e5 · 2021-10-18T11:09:31.000+02:00
Co-authored-by: Steve Guntrip &lt;12534592+stevecat@users.noreply.github.com&gt;
diff --git a/java/ql/src/Security/CWE/CWE-940/AndroidIntentRedirection.qhelp b/java/ql/src/Security/CWE/CWE-940/AndroidIntentRedirection.qhelp
@@ -6,14 +6,15 @@
         on behalf of the victim app.</p>
     </overview>
     <recommendation>
-        <p>Do not export compontents that start other components from a user-provided Intent. 
+        <p>Do not export components that start other components from a user-provided Intent. 
         They can be made private by setting the <code>android:exported</code> property to <code>false</code> in the app's Android Manifest.</p>
         <p>If this is not possible, restrict either which apps can send Intents to the affected component, or which components can be started from it.</p>
     </recommendation>
     <example>
         <p>The following snippet contains two examples.
         In the first example, an arbitrary component can be started from the externally provided <code>forward_intent</code> Intent.
-        In the second example, the destination component of the Intent is first checked to make sure it is safe.</p>
+        In the second example, the destination component of the Intent is first checked to make sure it is safe.
+        In the third example, the component that created the Intent is first checked to make sure it comes from a trusted origin.</p>
         <sample src="AndroidIntentRedirectionSample.java" />
     </example>
     <references>
