OWASP · mikesamuel · Apr 12, 2019 · Apr 12, 2019 · Apr 12, 2019 · Apr 12, 2019
diff --git a/README.md b/README.md
@@ -66,14 +66,12 @@ to do things like changing `h1`s to `div`s with a certain class:
 PolicyFactory policy = new HtmlPolicyBuilder()
     .allowElements("p")
     .allowElements(
-        new ElementPolicy() {
-          (String elementName, List<String> attrs) -> {
-            // Add a class attribute.
-            attrs.add("class");
-            attrs.add("header-" + elementName);
-            // Return elementName to include, null to drop.
-            return "div";
-          }
+        (String elementName, List<String> attrs) -> {
+          // Add a class attribute.
+          attrs.add("class");
+          attrs.add("header-" + elementName);
+          // Return elementName to include, null to drop.
+          return "div";
         }, "h1", "h2", "h3", "h4", "h5", "h6")
     .toFactory();
 String safeHTML = policy.sanitize(untrustedHTML);

diff --git a/docs/client-side-templates.md b/docs/client-side-templates.md
@@ -22,7 +22,7 @@ Many client-side templates look for special constructs in text nodes.  Often, us
 
 ## Client side template / expression attributes
 
-When filtering client-side templates, it should also be considered to fully cover attributes containing expressions and parseable information that might cause damage or lead to arbitary JavaScript execution.
+When filtering client-side templates, it should also be considered to fully cover attributes containing expressions and parseable information that might cause damage or lead to arbitrary JavaScript execution.
 
 | Template Language | Attrbutes | Notes |
 |-------------------|-----------|-------|