Copyedit documentation

smowton · web-flow · commit a781522ca0db · 2024-07-30T12:19:16.000+01:00
diff --git a/java/ql/src/experimental/Security/CWE/CWE-347/Auth0NoVerifier.qhelp b/java/ql/src/experimental/Security/CWE/CWE-347/Auth0NoVerifier.qhelp
@@ -2,24 +2,21 @@
 <qhelp>
      <overview>
           <p>
-               A JSON Web Token (JWT) is used for authenticating and managing users in an application.
-          </p>
-          <p>
-               Only Decoding JWTs without checking if they have a valid signature or not can lead to security vulnerabilities.
+               A JSON Web Token (JWT) is used for authenticating and managing users in an application. It must be verified in order to ensure the JWT is genuine.
           </p>
 
      </overview>
      <recommendation>
 
           <p>
-               Don't use methods that only decode JWT, Instead use methods that verify the signature of JWT.
+               Don't use information from a JWT without verifying that JWT.
           </p>
 
      </recommendation>
      <example>
 
           <p>
-               The following code you can see an Example from a popular Library.
+               The following example illustrates secure and insecure use of the Auth0 `java-jwt` library.
           </p>
 
           <sample src="Example.java" />
@@ -31,4 +28,4 @@
           </li>
      </references>
 
-</qhelp>
+</qhelp>
