diff --git a/javascript/ql/src/Security/CWE-078/SecondOrderCommandInjection.qhelp b/javascript/ql/src/Security/CWE-078/SecondOrderCommandInjection.qhelp index 4c8ffa91d64..2cc0f1b33e7 100644 --- a/javascript/ql/src/Security/CWE-078/SecondOrderCommandInjection.qhelp +++ b/javascript/ql/src/Security/CWE-078/SecondOrderCommandInjection.qhelp @@ -15,8 +15,8 @@ the server.

-Sanitize user input before passing it to the shell command by for example -ensuring that URLs are valid and do not contain malicious commands. +Sanitize user input before passing it to the shell command. For example, +ensure that URLs are valid and do not contain malicious commands.

@@ -30,7 +30,7 @@ URL that can be controlled by a malicious user.

-The problem has been fixed in the below where the URL is validated before +The problem has been fixed in the snippet below, where the URL is validated before being passed to the shell command.
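Review bot: In the first hunk (@@ -15,8 +15,8 @@), the new sentence still opens with "Sanitize" while the fix text in the second hunk says the URL "is validated". Sanitizing and validating are different operations, so the help should use one term for what it recommends. "Do not contain malicious commands" also stays vague after the rewording, because it does not tell the reader what property to check. Suggest something like "Validate user input before passing it to the shell command. For example, ensure that URLs are valid", followed by the specific condition that the example's check enforces.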
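Review bot: In the second hunk (@@ -30,7 +30,7 @@), "where the URL is validated" does not say what the validation rejects, so a reader has to work out the actual mitigation from the sample alone. Consider adding a clause that names the check performed in the fixed sample. As a style point, "has been fixed in the snippet below" could be shortened to "is fixed in the example below", which avoids the passive perfect tense.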