diff --git a/javascript/ql/src/Security/CWE-094/ImproperCodeSanitization.qhelp b/javascript/ql/src/Security/CWE-094/ImproperCodeSanitization.qhelp
index b1d18387d21..d892f419af8 100644
--- a/javascript/ql/src/Security/CWE-094/ImproperCodeSanitization.qhelp
+++ b/javascript/ql/src/Security/CWE-094/ImproperCodeSanitization.qhelp
@@ -6,7 +6,7 @@
   <overview>
     <p>
         Using string concatenation to construct JavaScript code can be error-prone, or in the worst
-        case enable code-injection if an input is constructed by an attacker.  
+        case, enable code injection if an input is constructed by an attacker.  
     </p>
   </overview>
 
@@ -20,14 +20,14 @@
 
   <example>
     <p>
-      The below example constructs a function that assigns the number 42 to the property <code>key</code>
+      The example below constructs a function that assigns the number 42 to the property <code>key</code>
       on an object <code>obj</code>. However, if <code>key</code> contains <code>&lt;/script&gt;</code>, then 
       the generated code will break out of a <code>&lt;script&gt;</code> if the generated code is inserted 
       into a <code>&lt;script&gt;</code> tag.
     </p>
     <sample src="examples/ImproperCodeSanitization.js" />
     <p>
-      The issue has been fixed in the below by escaping potentially dangerous characters.
+      The issue has been fixed by escaping potentially dangerous characters, as shown below.
     </p>
     <sample src="examples/ImproperCodeSanitizationFixed.js" />
   </example>