Apply suggestions from code review

erik-krogh · asgerf · web-flow · commit b039267b76fd · 2021-03-15T12:39:56.000+01:00
Co-authored-by: Asger F &lt;asgerf@github.com&gt;
diff --git a/javascript/change-notes/2021-03-09-template-object-injection.md b/javascript/change-notes/2021-03-09-template-object-injection.md
@@ -1,2 +1,2 @@
 lgtm,codescanning
-* The `js/template-object-injection` query has been added. It highlights servers where an templating engine may allow attacks on the server.
+* The `js/template-object-injection` query has been added. It highlights places where an attacker can pass special parameters to a template engine.
diff --git a/javascript/ql/src/Security/CWE-073/TemplateObjectInjection.qhelp b/javascript/ql/src/Security/CWE-073/TemplateObjectInjection.qhelp
@@ -11,14 +11,14 @@ local file reads or even remote code execution.
 
 <recommendation>
 <p>
-Avoid using user-controlled objects as arguments to template engine, instead construct the object explicitly with 
+Avoid using user-controlled objects as arguments to a template engine. Instead, construct the object explicitly with 
 the specific properties needed by the template.
 </p>
 </recommendation>
 
 <example>
 <p>
-In the below example a server uses the user-controlled <code>profile</code> object to 
+In the example below a server uses the user-controlled <code>profile</code> object to 
 render the <code>index</code> template.  
 </p>
 <sample src="examples/TemplateObjectInjection.js" />
@@ -42,4 +42,4 @@ cwe.mitre.org: <a href="https://cwe.mitre.org/data/definitions/73.html">CWE-73:
 </li>
 
 </references>
-</qhelp>
+</qhelp>

Original file line number	Diff line number	Diff line change
`@@ -1,2 +1,2 @@`
`1`	`1`	`lgtm,codescanning`
`2`		-* The `js/template-object-injection` query has been added. It highlights servers where an templating engine may allow attacks on the server.
	`2`	+* The `js/template-object-injection` query has been added. It highlights places where an attacker can pass special parameters to a template engine.