diff --git a/javascript/change-notes/2021-03-09-template-object-injection.md b/javascript/change-notes/2021-03-09-template-object-injection.md index a29de92fb3f..c7f91f82032 100644 --- a/javascript/change-notes/2021-03-09-template-object-injection.md +++ b/javascript/change-notes/2021-03-09-template-object-injection.md @@ -1,2 +1,2 @@ lgtm,codescanning -* The `js/template-object-injection` query has been added. It highlights servers where an templating engine may allow attacks on the server. +* The `js/template-object-injection` query has been added. It highlights places where an attacker can pass special parameters to a template engine. diff --git a/javascript/ql/src/Security/CWE-073/TemplateObjectInjection.qhelp b/javascript/ql/src/Security/CWE-073/TemplateObjectInjection.qhelp index 3d0abba8703..2123231ff11 100644 --- a/javascript/ql/src/Security/CWE-073/TemplateObjectInjection.qhelp +++ b/javascript/ql/src/Security/CWE-073/TemplateObjectInjection.qhelp @@ -11,14 +11,14 @@ local file reads or even remote code execution.

-Avoid using user-controlled objects as arguments to template engine, instead construct the object explicitly with +Avoid using user-controlled objects as arguments to a template engine. Instead, construct the object explicitly with the specific properties needed by the template.

-In the below example a server uses the user-controlled profile object to +In the example below a server uses the user-controlled profile object to render the index template.

@@ -42,4 +42,4 @@ cwe.mitre.org: CWE-73: - \ No newline at end of file +
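Review bot: in the change-notes hunk, the replacement wording "pass special parameters to a template engine" is vaguer than the qhelp text it is meant to summarise; a reader of the changelog cannot tell what makes the parameters "special" or why it matters. Consider aligning it with the qhelp's own description, e.g. "It highlights places where a user-controlled object is passed as an argument to a template engine, which can lead to local file reads or remote code execution." The grammar fix to the old "an templating engine" is good.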
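Review bot: in the first qhelp hunk, the rewritten recommendation reads well, but the example lead-in "In the example below a server uses the user-controlled profile object to render the index template" needs a comma after "below", and it still only announces the vulnerable pattern. If this qhelp does not already show the corrected version, consider adding a second snippet that builds the template argument explicitly from the specific properties the template needs, so the recommendation text and the example illustrate the same fix.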
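Review bot: the last qhelp hunk is only a trailing-newline fix to the references section, which is fine, but while that section is being touched note that its sole reference is CWE-73 (External Control of File Name or Path), whereas the hunk context above describes the impact as "local file reads or even remote code execution". CWE-73 covers the file-read case only; consider also referencing CWE-94 (Improper Control of Generation of Code) so the references match the stated impact.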