address review comments

Alvaro Muñoz · pwntester · commit 65d01f5c9ea7 · 2020-10-27T15:51:36.000+01:00
diff --git a/java/ql/src/experimental/Security/CWE/CWE-094/InsecureBeanValidation.qhelp b/java/ql/src/experimental/Security/CWE/CWE-094/InsecureBeanValidation.qhelp
@@ -4,11 +4,9 @@
 <qhelp>
 
 <overview>
-<p>Bean validation custom constraint error messages support different types of interpolation, 
-including <a href="https://docs.jboss.org/hibernate/validator/5.1/reference/en-US/html/chapter-message-interpolation.html#section-interpolation-with-message-expressions">Java EL expressions</a>.
-Controlling part of the message template being passed to `ConstraintValidatorContext.buildConstraintViolationWithTemplate()`
-argument will lead to arbitrary Java code execution. Unfortunately, it is common that validated (and therefore, normally 
-untrusted) bean properties flow into the custom error message.</p>
+<p>Bean validation custom constraint error messages support different types of interpolation, including [Java EL expressions](https://docs.jboss.org/hibernate/validator/5.1/reference/en-US/html/chapter-message-interpolation.html#section-interpolation-with-message-expressions).
+Controlling part of the error message template being passed to `ConstraintValidatorContext.buildConstraintViolationWithTemplate()` argument will lead to arbitrary Java code execution.
+Unfortunately, it is common that validated (and therefore, normally untrusted) bean properties flow into the custom error message.</p>
 </overview>
 
 <recommendation>
