diff --git a/sections/security/escape-output.md b/sections/security/escape-output.md index 1f28acb45..5bd310446 100644 --- a/sections/security/escape-output.md +++ b/sections/security/escape-output.md 
@@ -38,13 +38,18 @@ HTML and other web languages mix content with executable code - a single HTML pa From the Blog [benramsey.com](https://benramsey.com/articles/escape-output/) > Data may leave your application in the form of HTML sent to a Web browser, SQL sent to a database, XML sent to an RSS reader, WML sent to a wireless device, etc. The possibilities are limitless. Each of these has its own set of special characters that are interpreted differently than the rest of the plain text received. Sometimes we want to send these special characters so that they are interpreted (HTML tags sent to a Web browser, for example), while other times (in the case of input from users or some other source), we don’t want the characters to be interpreted, so we need to escape them. - -> Escaping is also sometimes referred to as encoding. In short, it is the process of representing data in a way that it will not be executed or interpreted. For example, HTML will render the following text in a Web browser as bold-faced text because the tags have special meaning: -This is bold text. -But, suppose I want to render the tags in the browser and avoid their interpretation. Then, I need to escape the angle brackets, which have special meaning in HTML. The following illustrates the escaped HTML: - -<strong>This is bold text.</strong> - +> +> Escaping is also sometimes referred to as encoding. In short, it is the process of representing data in a way that it will not be executed or interpreted. For example, HTML will render the following text in a Web browser as bold-faced text because the `` tags have special meaning: +> +> ```html +> This is bold text. +> ``` +> +> But, suppose I want to render the tags in the browser and avoid their interpretation. Then, I need to escape the angle brackets, which have special meaning in HTML. The following illustrates the escaped HTML: +> +> ```html +> <strong>This is bold text.</strong> +> ```
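Review bot: the sentence "because the `` tags have special meaning" in the first added `>` paragraph has an empty inline-code span, so the tag the quote is talking about never appears; restore the tag name (`<strong>`) inside the backticks, and check the two fenced `html` blocks that follow: the first one shows only "This is bold text." with no markup, so it does not illustrate a tag being interpreted, and the second, labelled as "the escaped HTML", shows raw `<strong>This is bold text.</strong>`, which inside a fenced block renders as unescaped markup rather than the entity form the quote describes (`&lt;strong&gt;This is bold text.&lt;/strong&gt;`). Verify the markdown source carries the tags in the first block and the `&lt;`/`&gt;` entities in the second, since the markdown-to-fence change is exactly where escaping of those brackets flips.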

@@ -59,4 +64,4 @@ From the blog OWASP [XSS (Cross Site Scripting) Prevention Cheat Sheet](https:// ### Blog Quote: "You MUST use the escape syntax for the part of the HTML" From the blog OWASP [XSS (Cross Site Scripting) Prevention Cheat Sheet](https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet) -> "But HTML entity encoding doesn't work if you're putting untrusted data inside a
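Review bot: the removed OWASP quote line opens with a literal `"` inside a `>` blockquote, which is redundant (the blockquote already marks it as a quotation) and inconsistent with the benramsey.com blockquote in the previous hunk, which carries no quotation marks; if the replacement line keeps the leading `"`, drop it (and the matching closing one) so both quoted passages on the page use the same convention. The hunk header `-59,4 +64,4` indicates the line is rewritten rather than removed, so please also confirm the replacement keeps the "inside a ..." clause intact, as the source text is cut short here.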