From d0091e1b3c9c8c9da73b56db13a4f03a0e35a562 Mon Sep 17 00:00:00 2001
From: Ian Lynagh <igfoo@github.com>
Date: Mon, 15 Sep 2025 14:53:03 +0100
Subject: [PATCH] javascript: Fix spelling error in documentation

Corrects the spelling of "occurrences" in the Incomplete Multi-Character
Sanitization documentation to improve clarity.
---
 .../Security/CWE-116/IncompleteMultiCharacterSanitization.qhelp | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/javascript/ql/src/Security/CWE-116/IncompleteMultiCharacterSanitization.qhelp b/javascript/ql/src/Security/CWE-116/IncompleteMultiCharacterSanitization.qhelp
index 63f28578ec1e..b5ef7781f361 100644
--- a/javascript/ql/src/Security/CWE-116/IncompleteMultiCharacterSanitization.qhelp
+++ b/javascript/ql/src/Security/CWE-116/IncompleteMultiCharacterSanitization.qhelp
@@ -108,7 +108,7 @@ str.replace(/\.\.\//g, "");
 </sample>
 
 <p>
-The regular expression attempts to strip out all occurences of <code>/../</code> from <code>str</code>.
+The regular expression attempts to strip out all occurrences of <code>/../</code> from <code>str</code>.
 This will not work as expected: for the string <code>/./.././</code>, for example, it will remove the single
 occurrence of <code>/../</code> in the middle, but the remainder of the string then becomes
 <code>/../</code>, which is another instance of the substring we were trying to remove.