JS: address review comments

javascript/ql/src/semmle/javascript/dataflow/Configuration.qll

@@ -311,12 +311,17 @@ abstract class BarrierGuardNode extends DataFlow::Node {
   abstract predicate blocks(boolean outcome, Expr e);
 
   /**
-   * Holds if this barrier guard blocks all labels.
+   * Holds if this barrier guard should block all labels.
+   *
+   * To block specific labels only, subclasses should override this with `none()` and
+   * also override `blocksSpecificLabel`.
    */
   predicate blocksAllLabels() { any() }
 
   /**
    * Holds if this barrier guard only blocks specific labels, and `label` is one of them.
+   *
+   * Subclasses that override this predicate should also override `blocksAllLabels`.
    */
   predicate blocksSpecificLabel(FlowLabel label) { none() }
 }

javascript/ql/src/semmle/javascript/security/TaintedObject.qll

@@ -22,11 +22,11 @@ module TaintedObject {
   }
 
   /**
-   * Gets the flow label representing a deeply tainted objects.
+   * Gets the flow label representing a deeply tainted object.
    *
-   * A "tainted object" is an array or object whose values are all assumed to be tainted as well.
+   * A "tainted object" is an array or object whose properties values are all assumed to be tainted as well.
    *
-   * Note that the presence of the `object-taint` label generally implies the presence of the `taint` label as well.
+   * Note that the presence of the this label generally implies the presence of the `taint` label as well.
    */
   FlowLabel label() { result instanceof TaintedObjectLabel  }