Apply suggestions from code review

asgerf · mchammer01 · web-flow · commit ed729a19638a · 2020-12-09T09:59:55.000Z
Co-authored-by: mc &lt;42146119+mchammer01@users.noreply.github.com&gt;
diff --git a/javascript/change-notes/2020-11-25-prototype-pollution.md b/javascript/change-notes/2020-11-25-prototype-pollution.md
@@ -1,5 +1,5 @@
 lgtm,codescanning
-* Detection of prototype pollution has improved and the queries involved have been reorganized:
+* We've improved the detection of prototype pollution, and the queries involved have been reorganized:
   * A new query "Prototype-polluting assignment" (`js/prototype-polluting-assignment`) has been added. This query
   highlights direct modifications of an object obtained via a user-controlled property name, which may accidentally alter `Object.prototype`.
   * The query previously named "Prototype pollution" (`js/prototype-pollution`) has been renamed to "Prototype-polluting merge call".
diff --git a/javascript/ql/src/Security/CWE-915/PrototypePollutingAssignment.qhelp b/javascript/ql/src/Security/CWE-915/PrototypePollutingAssignment.qhelp
@@ -7,7 +7,7 @@
   <p>
     Most JavaScript objects inherit the properties of the built-in <code>Object.prototype</code> object.
     Prototype pollution is a type of vulnerability in which an attacker is able to modify <code>Object.prototype</code>.
-    Since most objects inherit from the compromised <code>Object.prototype</code>, the attacker can use this
+    Since most objects inherit from the compromised <code>Object.prototype</code> object, the attacker can use this
     to tamper with the application logic, and often escalate to remote code execution or cross-site scripting.
   </p>
 
@@ -23,7 +23,7 @@
   <p>
     Use an associative data structure that is resilient to untrusted key values, such as a <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Map">Map</a>.
     In some cases, a prototype-less object created with <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Object/create">Object.create(null)</a>
-    may be preferrable.
+    may be preferable.
   </p>
   <p>
     Alternatively, restrict the computed property name so it can't clash with a built-in property, either by
