Add input from documentation review

Author: p-

java/ql/src/experimental/Security/CWE/CWE-036/OpenStream.qhelp

@@ -5,15 +5,15 @@
 
 <overview>
 <p>Calling <code>openStream</code> on URLs created from remote source can lead to local file disclosure.</p>
-<p>If <code>openStream</code> is called on a <code>java.net.URL</code>, that was created from a remote source
+<p>If <code>openStream</code> is called on a <code>java.net.URL</code>, that was created from a remote source,
 an attacker can try to pass absolute URLs starting with <code>file://</code> or <code>jar://</code> to access
 local resources in addition to remote ones.</p>
 </overview>
 
 <recommendation>
-<p>When you construct a URL using <code>java.net.URL</code> from a remote source, make sure
-to not call openStream on it. Instead fetch the URL with a HTTP Client to access its content.
-Also validate that the URL uses the correct protocol and host combination.</p>
+<p>When you construct a URL using <code>java.net.URL</code> from a remote source,
+don't call <code>openStream</code> on it. Instead, use an HTTP Client to fetch the URL and access its content.
+You should also validate the URL to check that it uses the correct protocol and host combination.</p></p>
 </recommendation>
 
 <example>

java/ql/src/experimental/Security/CWE/CWE-036/OpenStream.ql

@@ -1,8 +1,7 @@
 /**
- * @name Calling openStream on URLs created from remote source can lead to file disclosure
- * @description If openStream is called on a java.net.URL, that was created from a remote source
- *              an attacker can try to pass absolute URLs starting with file:// or jar:// to access
- *              local resources in addition to remote ones.
+ * @name openStream called on URLs created from remote source
+ * @description Calling openStream on URLs created from remote source
+ * can lead to local file disclosure.
  * @kind path-problem
  */