diff --git a/pentesting-web/xss-cross-site-scripting/README.md b/pentesting-web/xss-cross-site-scripting/README.md
index 53c0b2a8..9045cf97 100644
--- a/pentesting-web/xss-cross-site-scripting/README.md
+++ b/pentesting-web/xss-cross-site-scripting/README.md
@@ -209,7 +209,7 @@ Some **examples**:
When your input is reflected **inside the HTML page** or you can escape and inject HTML code in this context the **first** thing you need to do if check if you can abuse `<` to create new tags: Just try to **reflect** that **char** and check if it's being **HTML encoded** or **deleted** of if it is **reflected without changes**. **Only in the last case you will be able to exploit this case**.\
For this cases also **keep in mind** [**Client Side Template Injection**](../client-side-template-injection-csti.md)**.**\
-_**Note: A HTML comment can be closed using\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\***** ****`-->`**** ****or \*\*\*\*****`--!>`**_
+_**Note: A HTML comment can be closed using**** ****`-->`**** ****or**** ****`--!>`**_
In this case and if no black/whitelisting is used, you could use payloads like:
@@ -1182,10 +1182,10 @@ alert("XSS");
-ht
+
```
-Find m**ore SVG payloads in** [**https://github.com/allanlw/svg-cheatsheet**](https://github.com/allanlw/svg-cheatsheet)\*\*\*\*
+Find **more SVG payloads in** [**https://github.com/allanlw/svg-cheatsheet**](https://github.com/allanlw/svg-cheatsheet)
## XSS resources