JavaScript: Improve query name and help for js/incomplete-sanitization.

The query applies more generally to all kinds of string escaping and encoding, not just sanitization.

javascript/ql/src/Security/CWE-116/IncompleteSanitization.qhelp

@@ -20,6 +20,10 @@ sanitization. In the latter case, preceding a meta-character with a backslash le
 backslash being escaped, but the meta-character appearing un-escaped, which again makes the
 sanitization ineffective.
 </p>
+<p>
+Even if the escaped string is not used in a security-critical context, incomplete escaping may
+still have undesirable effects, such as badly rendered or confusing output.
+</p>
 </overview>
 
 <recommendation>

javascript/ql/src/Security/CWE-116/IncompleteSanitization.ql

@@ -1,7 +1,7 @@
 /**
- * @name Incomplete sanitization
- * @description A sanitizer that does not replace or escape all occurrences of a
- *              problematic substring may be ineffective.
+ * @name Incomplete string escaping or encoding
+ * @description A string transformer that does not replace or escape all occurrences of a
+ *              meta-character may be ineffective.
  * @kind problem
  * @problem.severity warning
  * @precision high
@@ -16,9 +16,6 @@ import javascript
 
 /**
  * Gets a character that is commonly used as a meta-character.
- *
- * We heuristically assume that string replacements involving one of these
- * characters are meant to be sanitizers.
  */
 string metachar() {
   result = "'\"\\&<>\n\r\t*|{}[]%$".charAt(_)
@@ -75,7 +72,7 @@ predicate isBackslashEscape(MethodCallExpr mce, RegExpLiteral re) {
 }
 
 /**
- * Holds if data flowing into `nd` has no unescaped backslashes.
+ * Holds if data flowing into `nd` has no un-escaped backslashes.
  */
 predicate allBackslashesEscaped(DataFlow::Node nd) {
   // `JSON.stringify` escapes backslashes