From c243f2f04236bc376afb78d2660bdb2f2429d268 Mon Sep 17 00:00:00 2001
From: Artem Smotrakov
Date: Tue, 2 Mar 2021 21:25:26 +0100
Subject: [PATCH] Improved JexlInjection.qhelp
---
.../src/experimental/Security/CWE/CWE-094/JexlInjection.qhelp | 4 +---
1 file changed, 1 insertion(+), 3 deletions(-)
diff --git a/java/ql/src/experimental/Security/CWE/CWE-094/JexlInjection.qhelp b/java/ql/src/experimental/Security/CWE/CWE-094/JexlInjection.qhelp
index 1b9da908864..fa6e5b09410 100644
--- a/java/ql/src/experimental/Security/CWE/CWE-094/JexlInjection.qhelp
+++ b/java/ql/src/experimental/Security/CWE/CWE-094/JexlInjection.qhelp
@@ -31,15 +31,13 @@ The next example shows how an untrusted JEXL expression can be run
in a sandbox that allows accessing only methods in the java.lang.Math class.
The sandbox is implemented using JexlSandbox class that is provided by
Apache Commons JEXL 3.
-However, it's recommended to avoid using untrusted input in JEXL expressions.
The next example shows another way how a sandbox can be implemented.
-It uses a custom implememtation of JexlUberspect
+It uses a custom implementation of JexlUberspect
that checks if callees are instances of allowed classes.
-Again, it's recommended to avoid using untrusted input in JEXL expressions.
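Review bot: deleting both "it's recommended to avoid using untrusted input in JEXL expressions" sentences (the removed line after the JexlSandbox paragraph and the removed line after the JexlUberspect paragraph) leaves the two sandbox examples without the caveat that a sandbox is the fallback rather than the primary fix; unless the qhelp's recommendation section already states this, keep a single copy of that sentence, for example after the JexlUberspect paragraph, instead of dropping both. The typo fix "implememtation" to "implementation" is correct. While in this paragraph, the unchanged context line "shows another way how a sandbox can be implemented" reads better as "shows another way a sandbox can be implemented", and the class names JexlSandbox and JexlUberspect would be clearer wrapped in <code> tags if the rest of the qhelp marks identifiers that way.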