summaryrefslogtreecommitdiff
path: root/doc/development/fe_guide/security.md
diff options
context:
space:
mode:
Diffstat (limited to 'doc/development/fe_guide/security.md')
-rw-r--r--doc/development/fe_guide/security.md4
1 files changed, 2 insertions, 2 deletions
diff --git a/doc/development/fe_guide/security.md b/doc/development/fe_guide/security.md
index 627c5f4d12f..df4613d521d 100644
--- a/doc/development/fe_guide/security.md
+++ b/doc/development/fe_guide/security.md
@@ -8,7 +8,7 @@ info: To determine the technical writer assigned to the Stage/Group associated w
## Resources
-[Mozilla’s HTTP Observatory CLI](https://github.com/mozilla/http-observatory-cli) and the
+[Mozilla’s HTTP Observatory CLI](https://github.com/mozilla/http-observatory-cli) and
[Qualys SSL Labs Server Test](https://www.ssllabs.com/ssltest/analyze.html) are good resources for finding
potential problems and ensuring compliance with security best practices.
@@ -76,7 +76,7 @@ such as with reCAPTCHA, which cannot be used without an `iframe`.
In order to protect users from [XSS vulnerabilities](https://en.wikipedia.org/wiki/Cross-site_scripting), we intend to disable
inline scripts in the future using Content Security Policy.
-While inline scripts can be useful, they're also a security concern. If
+While inline scripts can make something easier, they're also a security concern. If
user-supplied content is unintentionally left un-sanitized, malicious users can
inject scripts into the web app.
View Lorry Controller Status