diff --git a/webgoat-lessons/cross-site-scripting/src/main/java/org/owasp/webgoat/plugin/CrossSiteScriptingLesson3.java b/webgoat-lessons/cross-site-scripting/src/main/java/org/owasp/webgoat/plugin/CrossSiteScriptingLesson3.java index d6c65fec0..c14e125f1 100644 --- a/webgoat-lessons/cross-site-scripting/src/main/java/org/owasp/webgoat/plugin/CrossSiteScriptingLesson3.java +++ b/webgoat-lessons/cross-site-scripting/src/main/java/org/owasp/webgoat/plugin/CrossSiteScriptingLesson3.java @@ -28,6 +28,7 @@ public class CrossSiteScriptingLesson3 extends AssignmentEndpoint { public AttackResult completed(@RequestParam String editor) { //https://github.com/OWASP/owasp-java-encoder //maybe better idea for assignment + // String line1 =""; String line2 =""; diff --git a/webgoat-lessons/secure-passwords/src/main/java/org/owasp/webgoat/plugin/SecurePasswordsAssignment.java b/webgoat-lessons/secure-passwords/src/main/java/org/owasp/webgoat/plugin/SecurePasswordsAssignment.java index 071befc49..fbbe4d29f 100644 --- a/webgoat-lessons/secure-passwords/src/main/java/org/owasp/webgoat/plugin/SecurePasswordsAssignment.java +++ b/webgoat-lessons/secure-passwords/src/main/java/org/owasp/webgoat/plugin/SecurePasswordsAssignment.java @@ -42,7 +42,14 @@ public class SecurePasswordsAssignment extends AssignmentEndpoint { output.append("Your Password: " + password + "
"); output.append("Length: " + password.length()+ "
"); output.append("Estimated guesses needed to crack your password: " + df.format(strength.getGuesses())+ "
"); - output.append("Score: " + strength.getScore()+ "/5
"); + output.append("Score: " + strength.getScore()+ "/5"); + if(strength.getScore()<=1){ + output.append("
 

"); + } else if(strength.getScore()<=3){ + output.append("
 

"); + } else{ + output.append("
 

"); + } output.append("Estimated cracking time in seconds: " + calculateTime((long) strength.getCrackTimeSeconds().getOnlineNoThrottling10perSecond())); if(strength.getScore() >= 4)
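Review bot: The added `output.append("Score: " + strength.getScore()+ "/5");` labels the score as out of 5, yet the new three-way branch (`<=1`, `<=3`, else) and the `>= 4` check after it treat 4 as the top value; if `strength` is a zxcvbn `Strength`, scores run 0–4 and the label should read `"/4"`. The branch also calls `strength.getScore()` up to three times, so reading it once with `int score = strength.getScore();` and branching on `score` would keep the thresholds and the label in step. Separately, the first context line appends `password` unencoded into the same buffer that the new branches add markup to, which suggests the buffer is rendered as HTML; if so, the value should be HTML-encoded, or not echoed at all, before it is appended. The markup literals in the three branches are not legible in this rendering, and the method starts and ends outside the hunk.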