Update hybrid-timing.md

goedi02 · web-flow · commit 75b5a61aa432 · 2020-12-23T14:09:15.000+01:00
Editorial pass
diff --git a/content/docs/attacks/timing-attacks/hybrid-timing.md b/content/docs/attacks/timing-attacks/hybrid-timing.md
@@ -15,18 +15,18 @@ menu = "main"
 weight = 3
 +++
 
-Hybrid Timing Attacks allow attackers to measure the sum of a bunch of factors that influence the final timing measurement. These factors include:
+Hybrid Timing Attacks allow attackers to measure the sum of a group of factors that influence the final timing measurement. These factors include:
 
 - [Network delays]({{< ref "network-timing.md" >}})
 - Document parsing
 - Retrieval and processing of subresources
 - [Code execution]({{< ref "execution-timing.md" >}})
 
-Some of the factors differ in value depending on the application. This means that [Network Timing]({{< ref "network-timing.md" >}}) might be more significant in pages with more backend processing while [Execution Timing]({{< ref "execution-timing.md" >}}) can be more significant in applications processing and displaying data within the browser. Attackers can also eliminate some of these factors to obtain more precise measurements. For example, one could preload all the subresources by embedding the page as an `iframe` (forcing the browser to cache the subresources) and do a second measurement which will exclude any delay introduced by the retrieval of those subresources.
+Some of the factors differ in value depending on the application. This means that [Network Timing]({{< ref "network-timing.md" >}}) might be more significant for pages with more backend processing, while [Execution Timing]({{< ref "execution-timing.md" >}}) can be more significant in applications processing and displaying data within the browser. Attackers can also eliminate some of these factors to obtain more precise measurements. For example, an attacker could preload all of the subresources by embedding the page as an `iframe` (forcing the browser to cache the subresources) and then perform a second measurement, which excludes any delay introduced by the retrieval of those subresources.
 
 ##  Frame Timing Attacks (Hybrid)
 
-If a page does not set [Framing Protections]({{< ref "../../defenses/opt-in/xfo.md" >}}), an attacker can obtain a hybrid measurement that considers all the factors. This attack is similar to the [Network-based Attack]({{< ref "network-timing.md#frame-timing-attacks-network" >}}), but when the resource is retrieved the page is rendered and executed by the browser (subresources fetched and JavaScript executed). In this scenario, the `onload` event only triggers once the page fully loads (including subresources and script execution).
+If a page does not set [Framing Protections]({{< ref "../../defenses/opt-in/xfo.md" >}}), an attacker can obtain a hybrid measurement that considers all of the factors. This attack is similar to a [Network-based Attack]({{< ref "network-timing.md#frame-timing-attacks-network" >}}), but when the resource is retrieved, the page is rendered and executed by the browser (subresources fetched and JavaScript executed). In this scenario, the `onload` event only triggers once the page fully loads (including subresources and script execution).
 
 ```javascript
 var iframe = document.createElement('iframe');
