JS: address doc-review comments

esbena · esbena · commit 7f25c1bf4764 · 2020-01-31T19:33:04.000+01:00
diff --git a/change-notes/1.24/analysis-javascript.md b/change-notes/1.24/analysis-javascript.md
@@ -28,7 +28,7 @@
 | Regular expression always matches (`js/regex/always-matches`) | correctness, regular-expressions | Highlights regular expression checks that trivially succeed by matching an empty substring. Results are shown on LGTM by default. |
 | Missing await (`js/missing-await`) | correctness | Highlights expressions that operate directly on a promise object in a nonsensical way, instead of awaiting its result. Results are shown on LGTM by default. |
 | Prototype pollution in utility function (`js/prototype-pollution-utility`) | security, external/cwe/cwe-400, external/cwe/cwe-471 | Highlights recursive copying operations that are susceptible to prototype pollution. Results are shown on LGTM by default. |
-| Unsafe jQuery plugin (`js/unsafe-jquery-plugin`) | Highlights potential XSS vulnerabilities in unsafely designed jQuery plugins. |
+| Unsafe jQuery plugin (`js/unsafe-jquery-plugin`) | Highlights potential XSS vulnerabilities in unsafely designed jQuery plugins. Results are shown on LGTM by default. |
 
 ## Changes to existing queries
 
diff --git a/javascript/ql/src/Security/CWE-079/UnsafeJQueryPlugin.qhelp b/javascript/ql/src/Security/CWE-079/UnsafeJQueryPlugin.qhelp
@@ -10,13 +10,14 @@
 			configurable through options provided by the clients of the
 			plugin.
 
-			Clients, however, do not know the implementation details of the
-			plugin, so it is important to document the capabilities of each
-			option.  Of particular importance is the documentation for the plugin
-			options that the client is responsible for sanitizing.
+
+			Clients, however, do not know the implementation details
+			of the plugin, so it is important to document the capabilities of each
+			option.  The documentation for the plugin options that the client is
+			responsible for sanitizing is of particular importance.
 
 			Otherwise, the plugin may write user input (for example, a URL query
-			parameter) to a web page without properly sanitizing the input first,
+			parameter) to a web page without properly sanitizing it first,
 			which allows for a cross-site scripting vulnerability in the client
 			application through dynamic HTML construction.
 
@@ -36,8 +37,8 @@
 	<example>
 		<p>
 
-			The following example shows a jQuery plugin that selects a DOM
-			element, and copies its text content another DOM element.  The
+			The following example shows a jQuery plugin that selects a
+			DOM element, and copies its text content to another DOM element. The
 			selection is performed by using the plugin option
 			<code>sourceSelector</code> as a CSS selector.
 
@@ -47,7 +48,7 @@
 
 		<p>
 
-			This is however not a safe plugin, since the call to
+			This is, however, not a safe plugin, since the call to
 			<code>jQuery</code> interprets <code>sourceSelector</code> as HTML if
 			it is a string that starts with <code>&lt;</code>.
 
