From 76503d3536ca05b62b81e2f1f795e688bc8b84e6 Mon Sep 17 00:00:00 2001
From: Erik Krogh Kristensen <erik-krogh@github.com>
Date: Wed, 22 Apr 2020 10:07:29 +0200
Subject: [PATCH] user controlled -> user-controlled

---
 javascript/ql/src/Security/CWE-079/XssThroughDom.ql             | 2 +-
 .../src/semmle/javascript/security/dataflow/XssThroughDom.qll   | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/javascript/ql/src/Security/CWE-079/XssThroughDom.ql b/javascript/ql/src/Security/CWE-079/XssThroughDom.ql
index a87ed4955a2..b4ae70d7e8b 100644
--- a/javascript/ql/src/Security/CWE-079/XssThroughDom.ql
+++ b/javascript/ql/src/Security/CWE-079/XssThroughDom.ql
@@ -1,6 +1,6 @@
 /**
  * @name Cross-site scripting through DOM
- * @description Writing user controlled DOM to HTML can allow for
+ * @description Writing user-controlled DOM to HTML can allow for
  *              a cross-site scripting vulnerability.
  * @kind path-problem
  * @problem.severity error
diff --git a/javascript/ql/src/semmle/javascript/security/dataflow/XssThroughDom.qll b/javascript/ql/src/semmle/javascript/security/dataflow/XssThroughDom.qll
index 0577be54766..4708d142263 100644
--- a/javascript/ql/src/semmle/javascript/security/dataflow/XssThroughDom.qll
+++ b/javascript/ql/src/semmle/javascript/security/dataflow/XssThroughDom.qll
@@ -35,7 +35,7 @@ module XssThroughDom {
   }
 
   /**
-   * Gets an attribute name that could store user controlled data.
+   * Gets an attribute name that could store user-controlled data.
    *
    * Attributes such as "id", "href", and "src" are often used as input to HTML.
    * However, they are either rarely controlable by a user, or already a sink for other XSS vulnerabilities.