Apply suggestions from code review
Signed-off-by: Patrik Oldsberg <poldsberg@gmail.com>

Co-authored-by: Fredrik Adelöw <freben@gmail.com>
Rugvip and freben authored Mar 5, 2022
1 parent 81e0166 commit 30d7d39
Showing 1 changed file with 2 additions and 2 deletions.
4 changes: 2 additions & 2 deletions SECURITY.md
@@ -61,7 +61,7 @@ function writeTemporaryFile(tmpDir: string, name: string, content: string) {

If the `name` of the file is controlled by the user, they can for example enter `../../../../etc/hosts` as the name of the file. This can lead to a file being written outside the intended directory, which in turn can be used to inject malicious code or other form of attacks.

The recommended solution to this is to use `resolveSafeChildPath` from `@backstage/backend-common` to resolve the file path instead. It makes sure that the resolved path does not fall outside the provided directory. If you simply what to validate whether a file path is safe, you can use `isChildPath` instead.
The recommended solution to this is to use `resolveSafeChildPath` from `@backstage/backend-common` to resolve the file path instead. It makes sure that the resolved path does not fall outside the provided directory. If you simply want to validate whether a file path is safe, you can use `isChildPath` instead.

The insecure example above should instead be written like this:

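Review bot: the context line just above the changed sentence still reads "other form of attacks"; since this paragraph is being touched for a typo anyway, consider fixing that one too, to "or other forms of attack". The "what" to "want" change itself is correct, and the surrounding guidance (prefer `resolveSafeChildPath` for resolving, `isChildPath` for validation only) reads clearly.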
@@ -103,7 +103,7 @@ res.send({ ok: true }); // BAD
res.json({ ok: true }); // GOOD
```

If you absolute must return a string with `.send(...)`, use an explicit and secure `Content-Type`:
If you absolutely must return a string with `.send(...)`, use an explicit and secure `Content-Type`:

```ts
res.send(`message=${message}`); // BAD
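Review bot: the corrected sentence says to use "an explicit and secure `Content-Type`" but does not name one in prose, and the GOOD counterpart of the `res.send(\`message=${message}\`); // BAD` example sits below the fold of this hunk; stating the intended header value in the sentence itself (for example, a plain-text type rather than an HTML one) would let readers apply the advice without depending on the code block. The "absolute" to "absolutely" fix is correct.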

0 comments on commit 30d7d39