From 97dad2db1725349232539c98e2f31945c497422b Mon Sep 17 00:00:00 2001
From: Simon Friis Vindum <paldepind@github.com>
Date: Thu, 27 Nov 2025 11:43:41 +0100
Subject: [PATCH] Rust: Apply suggestions from docs review

Co-authored-by: mc <42146119+mchammer01@users.noreply.github.com>
---
 rust/ql/src/queries/security/CWE-079/XSS.qhelp | 14 +++++++-------
 rust/ql/src/queries/security/CWE-079/XSS.ql    |  2 +-
 2 files changed, 8 insertions(+), 8 deletions(-)

diff --git a/rust/ql/src/queries/security/CWE-079/XSS.qhelp b/rust/ql/src/queries/security/CWE-079/XSS.qhelp
index 38c361bd62f..13b7c026f3c 100644
--- a/rust/ql/src/queries/security/CWE-079/XSS.qhelp
+++ b/rust/ql/src/queries/security/CWE-079/XSS.qhelp
@@ -4,8 +4,8 @@
 <qhelp>
 
 <overview>
-<p>Directly writing user input (for example, an HTTP request parameter) to a web
-page, without properly sanitizing the input first, allows for a cross-site
+<p>Directly writing user input (for example, an HTTP request parameter) to a webpage,
+without properly sanitizing the input first, allows for a cross-site
 scripting vulnerability.</p>
 </overview>
 
@@ -23,9 +23,9 @@ scripting:</p>
 <sample src="XSSBad.rs" />
 
 <p>To fix this vulnerability, the user input should be HTML-encoded before being
-included in the response. In the following example <code>encode_text</code> from
+included in the response. In the following example, <code>encode_text</code> from
 the <a href="https://docs.rs/html-escape/latest/html_escape/index.html">html_escape</a>
-crate is used:</p>
+crate is used to achieve this:</p>
 
 <sample src="XSSGood.rs" />
 
@@ -34,15 +34,15 @@ crate is used:</p>
 <references>
 <li>
   OWASP:
-  <a href="https://cheatsheetseries.owasp.org/cheatsheets/Cross_Site_Scripting_Prevention_Cheat_Sheet.html">XSS
-  (Cross Site Scripting) Prevention Cheat Sheet</a>.
+  <a href="https://cheatsheetseries.owasp.org/cheatsheets/Cross_Site_Scripting_Prevention_Cheat_Sheet.html">
+Cross Site Scripting Prevention Cheat Sheet</a>.
 </li>
 <li>
   Wikipedia: <a href="https://en.wikipedia.org/wiki/Cross-site_scripting">Cross-site scripting</a>.
 </li>
 <li>
   OWASP:
-  <a href="https://owasp.org/www-community/attacks/xss/">Cross-site Scripting (XSS)</a>.
+  <a href="https://owasp.org/www-community/attacks/xss/">Cross Site Scripting (XSS)</a>.
 </li>
 </references>
 </qhelp>
diff --git a/rust/ql/src/queries/security/CWE-079/XSS.ql b/rust/ql/src/queries/security/CWE-079/XSS.ql
index 58fb77422ae..3c43f5043c7 100644
--- a/rust/ql/src/queries/security/CWE-079/XSS.ql
+++ b/rust/ql/src/queries/security/CWE-079/XSS.ql
@@ -1,6 +1,6 @@
 /**
  * @name Cross-site scripting
- * @description Writing user input directly to a web page
+ * @description Writing user input directly to a webpage
  *              allows for a cross-site scripting vulnerability.
  * @kind path-problem
  * @problem.severity error