diff --git a/files/en-us/web/api/range/createcontextualfragment/index.md b/files/en-us/web/api/range/createcontextualfragment/index.md
index 5e0e160e98ecd5d..18bf1dcfdfc5788 100644
--- a/files/en-us/web/api/range/createcontextualfragment/index.md
+++ b/files/en-us/web/api/range/createcontextualfragment/index.md
@@ -47,7 +47,7 @@ In the HTML case, if the context node would be `html`, for historical reasons th
### Security considerations
The method does not perform any sanitization of the input to remove XSS-unsafe elements such as {{htmlelement("script")}}, or event handler content attributes.
-If the input is provided by a user, and the returned {{domxref("DocumentFragment")}} is subsequently injected into the DOM, this method can be therefore become a vector for [cross-site scripting (XSS)](/en-US/docs/Web/Security/Attacks/XSS) attacks.
+If the input is provided by a user, and the returned {{domxref("DocumentFragment")}} is subsequently injected into the DOM, this method can become a vector for [cross-site scripting (XSS)](/en-US/docs/Web/Security/Attacks/XSS) attacks.
For example, the following code would inject the potentially dangerous user-provided string into the DOM.
diff --git a/files/en-us/web/html/reference/attributes/rel/modulepreload/index.md b/files/en-us/web/html/reference/attributes/rel/modulepreload/index.md
index 915093ac8f99ed3..d8ca99b3fb3fa25 100644
--- a/files/en-us/web/html/reference/attributes/rel/modulepreload/index.md
+++ b/files/en-us/web/html/reference/attributes/rel/modulepreload/index.md
@@ -21,7 +21,7 @@ If `crossorigin` is set to [`anonymous`](/en-US/docs/Web/HTML/Reference/Attribut
If `crossorigin` is set to [`use-credentials`](/en-US/docs/Web/HTML/Reference/Attributes/crossorigin#use-credentials) then the credentials mode is [`include`](/en-US/docs/Web/API/Request/credentials#include), and user credentials for both single- and cross-origin requests.
The [`as`](/en-US/docs/Web/HTML/Reference/Elements/link#as) attribute is optional for links with `rel="modulepreload"`, and defaults to `"script"`.
-It can be set to `"script"` or any script-like destination, such as `"audioworklet"`, `"paintworklet"`, `"serviceworker"`, `"sharedworker"`, or `"worker"`.
+It can be set to `"script"`, `"style"`, `"json"`, or any script-like destination, such as `"audioworklet"`, `"paintworklet"`, `"serviceworker"`, `"sharedworker"`, or `"worker"`.
An [`Event`](/en-US/docs/Web/API/Event/Event) named "error" is fired on the element if any other destination is used.
A browser _may_ additionally also choose to automatically fetch any dependencies of the module resource.
diff --git a/files/en-us/web/html/reference/elements/link/index.md b/files/en-us/web/html/reference/elements/link/index.md
index 5feb79d951e2ba7..5c6443e3387a724 100644
--- a/files/en-us/web/html/reference/elements/link/index.md
+++ b/files/en-us/web/html/reference/elements/link/index.md
@@ -142,6 +142,12 @@ This element includes the [global attributes](/en-US/docs/Web/HTML/Reference/Glo
CSS *-image rules
+
+ | json |
+
+ modulepreload destinations.
+ |
+
| object |
<object> elements |
@@ -149,14 +155,14 @@ This element includes the [global attributes](/en-US/docs/Web/HTML/Reference/Glo
| script |
- <script> elements, Worker importScripts
+ <script> elements, Worker importScripts, and modulepreload destinations.
|
| style |
<link rel=stylesheet> elements, CSS
- @import
+ @import and modulepreload destinations.
|