Fix grammar in code injection warning.

Co-authored-by: Ted Thibodeau Jr <tthibodeau@openlinksw.com> Co-authored-by: David Chadwick <d.w.chadwick@verifiablecredentials.info>
w3c · Apr 2, 2024 · e26578a · e26578a
1 parent 1b173df
commit e26578a
Showing 1 changed file with 11 additions and 11 deletions.
diff --git a/index.html b/index.html
@@ -6365,7 +6365,7 @@ <h4>Inappropriate Use</h4>
         <h3>Code Injection</h3>
 
         <p>
-It is possible to include data in [=verifiable credentials=] that include
+It is possible for data in [=verifiable credentials=] to include
 executable code or scripting languages. Authors of verifiable credentials are
 advised to avoid doing so, unless necessary, and the risks have been mitigated
 to the extent possible.
@@ -6376,35 +6376,35 @@ <h3>Code Injection</h3>
 or annotations, the contents of the string might require additional structure or
 markup in order to be presented correctly. It is possible to use markup
 languages, such as HTML, to label spans of text in different languages or to
-supply string-internal markup needed for proper display of [=bidirectional
+supply string-internal markup needed for the proper display of [=bidirectional
 text=]. It is also possible to use the `rdf:HTML` datatype to encode such values
 accurately in JSON-LD.
         </p>
 
         <p>
 Despite the ability to encode information as HTML, implementers are strongly
-discouraged from doing this because it:
+discouraged from doing so, for the following reasons:
         </p>
-
+        
         <ul>
           <li>
-Requires some version of an HTML processor, which increases the burden of
+It requires some version of an HTML processor, which increases the burden of
 processing language and base direction information.
           </li>
           <li>
-Increases the security attack surface when utilizing this data model because
-naively processing HTML could result in executing a `script` tag that
+It increases the security attack surface when utilizing this data model, because
+naively processing HTML could result in the execution of a `script` tag that
 an attacker injected at some point during the data production process.
           </li>
         </ul>
 
         <p>
 If implementers feel they need to use HTML, or other markup languages capable of
 containing executable scripts, to address a specific use case, they are advised
-to analyze how an attacker would use the markup to mount injection attacks
-against a consumer of the markup and then deploy mitigations against the
-identified attacks such as running the HTML rendering engine in a sandbox with
-no ability to have access to the network.
+to analyze how an attacker could use the markup to mount injection attacks
+against a consumer of the markup, and then deploy mitigations against the
+identified attacks, such as running the HTML rendering engine in a sandbox with
+no ability to access the network.
         </p>
       </section>