lessonplan character updates so it also works on Windows Cp125

This commit is contained in:
René Zubcevic
2020-04-20 12:39:51 +02:00
committed by Nanne Baars
parent 6b68a12449
commit 6f532683a1
8 changed files with 16 additions and 16 deletions

@ -4,15 +4,15 @@
* Stealing session cookies
* Creating false requests
* Creating false fields on a page to collect credentials
* Redirecting your page to a non-friendly site
* Redirecting your page to a "non-friendly" site
* Creating requests that masquerade as a valid user
* Stealing of confidential information
* Execution of malicious code on an end-user system (active scripting)
* Insertion of hostile and inappropriate content
+
----
<img src=http://malicious.site.com/image.jpg/>
>GoodYear recommends buying BridgeStone tires
<img src="http://malicious.site.com/image.jpg/>
">GoodYear recommends buying BridgeStone tires...
----
=== XSS attacks add validity to phishing attacks
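Review bot: In the listing block, the replacement img line opens the src value with a double quote, but the closing quote only appears at the start of the next line, after `/>`, so the attribute value as written swallows the `/>` and the line break. If the listing is meant to show an injected fragment that breaks out of an attribute, add a sentence above it saying so; otherwise close the quote before the tag ends, as in `<img src="http://malicious.site.com/image.jpg"/>`, and keep the GoodYear text on its own line. Given the commit's stated goal of working on Windows, also confirm that the quotes added around non-friendly and the trailing `...` are plain ASCII characters in the file.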

@ -9,6 +9,6 @@ The difference between DOM and 'traditional' reflected XSS is that, with DOM, th
* That link may load a malicious web page or a web page they use (are logged into?) that has a vulnerable route/handler
* If it's a malicious web page, it may use it's own JavaScript to attack another page/url with a vulnerable route/handler
* The vulnerable page renders the payload and executes attack in the user's context on that page/site
* Attackers malicious script may run commands with the privileges of local account
* Attacker's malicious script may run commands with the privileges of local account
*Victim does not realize attack occurred* ... Malicious attackers don't use &lt;script&gt;alert('xss')&lt;/ script&gt;
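Review bot: The apostrophe fix on the "Attacker's malicious script" bullet leaves a related error two bullets up, where the context line reads "it may use it's own JavaScript"; that should be the possessive "its" and is worth fixing in the same commit. The changed bullet itself still reads "privileges of local account", which wants an article ("of the local account"). The last context line also carries a space inside `&lt;/ script&gt;`; check whether that is intended or should be `&lt;/script&gt;`.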