Apply suggestions from code review

Co-authored-by: Asger F <asgerf@github.com>

javascript/change-notes/2021-03-09-template-object-injection.md

@@ -1,2 +1,2 @@
 lgtm,codescanning
-* The `js/template-object-injection` query has been added. It highlights servers where an templating engine may allow attacks on the server.
+* The `js/template-object-injection` query has been added. It highlights places where an attacker can pass special parameters to a template engine.

javascript/ql/src/Security/CWE-073/TemplateObjectInjection.qhelp

@@ -11,14 +11,14 @@ local file reads or even remote code execution.
 
 <recommendation>
 <p>
-Avoid using user-controlled objects as arguments to template engine, instead construct the object explicitly with 
+Avoid using user-controlled objects as arguments to a template engine. Instead, construct the object explicitly with 
 the specific properties needed by the template.
 </p>
 </recommendation>
 
 <example>
 <p>
-In the below example a server uses the user-controlled <code>profile</code> object to 
+In the example below a server uses the user-controlled <code>profile</code> object to 
 render the <code>index</code> template.  
 </p>
 <sample src="examples/TemplateObjectInjection.js" />
@@ -42,4 +42,4 @@ cwe.mitre.org: <a href="https://cwe.mitre.org/data/definitions/73.html">CWE-73:
 </li>
 
 </references>
-</qhelp>
+</qhelp>