spelling: response

Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>

java/ql/src/experimental/Security/CWE/CWE-094/SpringViewManipulation.qhelp

@@ -19,7 +19,7 @@
     <p>
       In general, using user input to determine Spring view name should be avoided.
       If user input must be included in the expression, the controller can be annotated by
-      a <code>@ReponseBody</code> annotation. In this case, Spring Framework does not interpret 
+      a <code>@ResponseBody</code> annotation. In this case, Spring Framework does not interpret 
       it as a view name, but just returns this string in HTTP Response. The same applies to using
       a <code>@RestController</code> annotation on a class, as internally it inherits <code>@ResponseBody</code>.
     </p>
@@ -31,7 +31,7 @@
     </p>
     <sample src="SpringViewBad.java" />
     <p>
-      This can be easily prevented by using the <code>ResponseBody</code> annotation which marks the reponse is already processed preventing exploitation of Spring View Manipulation vulnerabilities. Alternatively, this can also be fixed by adding a <code>HttpServletResponse</code> parameter to the method definition as shown in the example below.
+      This can be easily prevented by using the <code>ResponseBody</code> annotation which marks the response is already processed preventing exploitation of Spring View Manipulation vulnerabilities. Alternatively, this can also be fixed by adding a <code>HttpServletResponse</code> parameter to the method definition as shown in the example below.
     </p>
     <sample src="SpringViewGood.java" />
   </example>

javascript/ql/lib/semmle/javascript/frameworks/ClientRequests.qll

@@ -671,7 +671,7 @@ module ClientRequest {
     }
 
     /**
-     * Gets the response type corresponding to `getReponse()` but not
+     * Gets the response type corresponding to `getResponse()` but not
      * for explicitly typed calls like `getResponseJson()`.
      */
     string getAssignedResponseType() {