Commit
Apply suggestions from code review
Browse files Browse the repository at this point in the history
Co-authored-by: Estelle Weyl <[email protected]>
wbamberg and estelle authored Dec 17, 2024
1 parent cc21cf9 commit 60b0993
Showing 2 changed files with 3 additions and 3 deletions.
4 changes: 2 additions & 2 deletions files/en-us/web/security/attacks/clickjacking/index.md
@@ -4,7 +4,7 @@ slug: Web/Security/Attacks/Clickjacking
page-type: guide
---

In a clickjacking attack, an attacker tricks the user into interacting with a target site in a way that they didn't intend.
In a **clickjacking** attack, an attacker tricks the user into interacting with a target site in a way that they didn't intend.

To do this, the attacker creates a decoy site which embeds the user's target site inside an {{htmlelement("iframe")}} element. The attacker's site hides the `<iframe>`, and aligns some decoy elements so they appear in the same place as elements in the target site that trigger sensitive actions. When the user tries to interact with these decoy elements, they are inadvertently interacting with the target site instead, and may be tricked into performing actions with the target site which they did not intend.
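Review bot: bolding the term at its first use in the new line (`**clickjacking**`) matches how the rest of the Attacks section marks a term where it is defined, so this hunk is fine as is. One consistency note on the unchanged paragraph that follows: it introduces the element with the {{htmlelement("iframe")}} macro and then refers to it as `<iframe>` in code formatting; that is the usual pattern (macro once, shorthand afterwards) and can stay.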

@@ -56,7 +56,7 @@ There are two relevant tools here:
- The [`frame-ancestors` directive](/en-US/docs/Web/HTTP/CSP#clickjacking_protection) in a [content security policy](/en-US/docs/Web/HTTP/CSP)
- The {{httpheader("X-Frame-Options")}} response header.

The `frame-ancestors` directive is a replacement for `X-Frame-Options`. By setting `X-Frame-Options` as well as `frame-ancestors`, you can prevent embedding in browsers that don't support `frame-ancestors`. However, [browser support for `frame-ancestors` is very good](/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/frame-ancestors#browser_compatibility), so this is not a major concern.
The `frame-ancestors` directive is a replacement for `X-Frame-Options`. By setting `X-Frame-Options` as well as `frame-ancestors`, you can prevent embedding in browsers that don't support `frame-ancestors`. As [browser support for `frame-ancestors` is very good](/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/frame-ancestors#browser_compatibility), this is not a major concern.

If `frame-ancestors` and `X-Frame-Options` are both set, then browsers that support `frame-ancestors` will ignore `X-Frame-Options`.
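Review bot: the rewording to "As [browser support ...] is very good, this is not a major concern" reads better than the "However ... so" form, but the second sentence of the paragraph still leaves one practical point unstated: if both mechanisms are set they should express the same policy, because, as the next sentence says, browsers that support `frame-ancestors` ignore `X-Frame-Options` while older browsers rely on it, so a mismatch (for example `frame-ancestors 'none'` alongside `X-Frame-Options: SAMEORIGIN`) gives different behaviour depending on the browser. Suggest adding a short clause such as "set to an equivalent value" after "By setting `X-Frame-Options` as well as `frame-ancestors`".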

2 changes: 1 addition & 1 deletion files/en-us/web/security/types_of_attacks/index.md
@@ -10,7 +10,7 @@ This article describes various types of security attacks and techniques to mitig

## Clickjacking

[Clickjacking](/en-US/docs/Web/Security/Attacks/Clickjacking) is the practice of tricking a user into clicking on a link, button, etc. that is other than what the user thinks it is. This can be used, for example, to steal login credentials or to get the user's unwitting permission to install a piece of malware. (Click-jacking is sometimes called "user interface redressing", though this is a misuse of the term "redress".)
[Clickjacking](/en-US/docs/Web/Security/Attacks/Clickjacking) is the practice of tricking a user into clicking on a link, button, etc. that is other than what the user thinks it is. This can be used, for example, to steal login credentials or to get the user's unwitting permission to install a piece of malware. (Clickjacking is sometimes called "user interface redressing", though this is a misuse of the term "redress".)

## Cross-site scripting (XSS)
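Review bot: changing "Click-jacking" to "Clickjacking" makes the spelling consistent with the section heading, the link text at the start of the sentence and the linked page, so this hunk is fine. While in this paragraph, the closing remark of the parenthetical ("though this is a misuse of the term "redress"") is an editorial aside rather than technical content and could be dropped or softened in a follow-up; not blocking for this commit.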

