Apply Mike's suggestions from code review

danielfett · selfissued · web-flow · commit 3c151a5d60da · 2024-05-07T19:28:06.000+02:00
Co-authored-by: Michael B. Jones &lt;michael_b_jones@hotmail.com&gt;
diff --git a/A04_attacks-and-mitigations.md b/A04_attacks-and-mitigations.md
@@ -106,7 +106,7 @@ The attack described above works for the implicit grant as well. If
 the attacker is able to send the authorization response to an attacker-controlled URI, the attacker will directly get access to the fragment carrying the
 access token.
 
-Additionally, implicit grants (and also other grants when using `response_mode=fragment` as defined in [@OpenID.MRT]) can be subject to a further kind of
+Additionally, implicit grants (and also other grants when using `response_mode=fragment` as defined in [@OAuth.Responses]) can be subject to a further kind of
 attack. It utilizes the fact that user agents re-attach fragments to
 the destination URL of a redirect if the location header does not
 contain a fragment (see [@!RFC9110], Section 17.11). The attack
diff --git a/B_references.md b/B_references.md
@@ -53,7 +53,7 @@
   </front>
 </reference>
 
-<reference anchor="OpenID.MRT" target="https://openid.net/specs/oauth-v2-multiple-response-types-1_0.html">
+<reference anchor="OAuth.Responses" target="https://openid.net/specs/oauth-v2-multiple-response-types-1_0.html">
   <front>
     <title>OAuth 2.0 Multiple Response Type Encoding Practices</title>
     <author initials="B." surname="de Medeiros" fullname="Breno de Medeiros">
