Apply suggestions from code review

Co-authored-by: mc <[email protected]>

swift/ql/src/change-notes/2023-08-23-incomplete-hostname-regex.md

@@ -2,4 +2,4 @@
 category: newQuery
 ---
 
-* Added new query "Incomplete regular expression for hostnames" (`swift/incomplete-hostname-regexp`). This query finds regular expressions matching a URL or hostname that might match more hostnames than expected.
+* Added new query "Incomplete regular expression for hostnames" (`swift/incomplete-hostname-regexp`). This query finds regular expressions matching a URL or hostname that may match more hostnames than expected.

swift/ql/src/queries/Security/CWE-020/IncompleteHostnameRegex.qhelp

@@ -50,7 +50,7 @@
 
 		<p>
 
-			The check is however easy to bypass because the unescaped
+			The check is, however, easy to bypass because the unescaped
 			<code>.</code> allows for any character before
 			<code>example.com</code>, effectively allowing the redirect to go to
 			an attacker-controlled domain such as <code>wwwXexample.com</code>.
@@ -68,7 +68,7 @@
 	</example>
 
 	<references>
-		<li>OWASP: <a href="https://www.owasp.org/index.php/Server_Side_Request_Forgery">Server Side Request Forgery</a></li>
-		<li>OWASP: <a href="https://cheatsheetseries.owasp.org/cheatsheets/Unvalidated_Redirects_and_Forwards_Cheat_Sheet.html">Unvalidated Redirects and Forwards Cheat Sheet</a></li>
+		<li>OWASP: <a href="https://www.owasp.org/index.php/Server_Side_Request_Forgery">Server Side Request Forgery</a>.</li>
+		<li>OWASP: <a href="https://cheatsheetseries.owasp.org/cheatsheets/Unvalidated_Redirects_and_Forwards_Cheat_Sheet.html">Unvalidated Redirects and Forwards Cheat Sheet</a>.</li>
 	</references>
 </qhelp>