meonBot · pull · Mar 4, 2026 · Mar 4, 2026 · Mar 4, 2026
diff --git a/files/en-us/web/api/range/createcontextualfragment/index.md b/files/en-us/web/api/range/createcontextualfragment/index.md
@@ -47,7 +47,7 @@ In the HTML case, if the context node would be `html`, for historical reasons th
 ### Security considerations
 
 The method does not perform any sanitization of the input to remove XSS-unsafe elements such as {{htmlelement("script")}}, or event handler content attributes.
-If the input is provided by a user, and the returned {{domxref("DocumentFragment")}} is subsequently injected into the DOM, this method can be therefore become a vector for [cross-site scripting (XSS)](/en-US/docs/Web/Security/Attacks/XSS) attacks.
+If the input is provided by a user, and the returned {{domxref("DocumentFragment")}} is subsequently injected into the DOM, this method can become a vector for [cross-site scripting (XSS)](/en-US/docs/Web/Security/Attacks/XSS) attacks.
 
 For example, the following code would inject the potentially dangerous user-provided string into the DOM.
 

diff --git a/files/en-us/web/html/reference/attributes/rel/modulepreload/index.md b/files/en-us/web/html/reference/attributes/rel/modulepreload/index.md
@@ -21,7 +21,7 @@ If `crossorigin` is set to [`anonymous`](/en-US/docs/Web/HTML/Reference/Attribut
 If `crossorigin` is set to [`use-credentials`](/en-US/docs/Web/HTML/Reference/Attributes/crossorigin#use-credentials) then the credentials mode is [`include`](/en-US/docs/Web/API/Request/credentials#include), and user credentials for both single- and cross-origin requests.
 
 The [`as`](/en-US/docs/Web/HTML/Reference/Elements/link#as) attribute is optional for links with `rel="modulepreload"`, and defaults to `"script"`.
-It can be set to `"script"` or any script-like destination, such as `"audioworklet"`, `"paintworklet"`, `"serviceworker"`, `"sharedworker"`, or `"worker"`.
+It can be set to `"script"`, `"style"`, `"json"`, or any script-like destination, such as `"audioworklet"`, `"paintworklet"`, `"serviceworker"`, `"sharedworker"`, or `"worker"`.
 An [`Event`](/en-US/docs/Web/API/Event/Event) named "error" is fired on the element if any other destination is used.
 
 A browser _may_ additionally also choose to automatically fetch any dependencies of the module resource.

diff --git a/files/en-us/web/html/reference/elements/link/index.md b/files/en-us/web/html/reference/elements/link/index.md
@@ -142,21 +142,27 @@ This element includes the [global attributes](/en-US/docs/Web/HTML/Reference/Glo
             CSS <code>*-image</code> rules
           </td>
         </tr>
+        <tr>
+          <td>json</td>
+          <td>
+            <code>modulepreload</code> destinations.
+          </td>
+        </tr>
         <tr>
           <td>object</td>
           <td><code>&#x3C;object></code> elements</td>
         </tr>
         <tr>
           <td>script</td>
           <td>
-            <code>&#x3C;script></code> elements, Worker <code>importScripts</code>
+            <code>&#x3C;script></code> elements, Worker <code>importScripts</code>, and <code>modulepreload</code> destinations.
           </td>
         </tr>
         <tr>
           <td>style</td>
           <td>
             <code>&#x3C;link rel=stylesheet></code> elements, CSS
-            <code>@import</code>
+            <code>@import</code> and <code>modulepreload</code> destinations.
           </td>
         </tr>
         <tr>