From 11bec09ffc8062788e85e4534b58b0ab8ef92859 Mon Sep 17 00:00:00 2001
From: Rob Winch <362503+rwinch@users.noreply.github.com>
Date: Mon, 15 Sep 2025 10:57:19 -0500
Subject: [PATCH] Escape attribute failures in Password4j docs

Issue gh-17706
---
 .../ROOT/pages/features/authentication/password-storage.adoc  | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/docs/modules/ROOT/pages/features/authentication/password-storage.adoc b/docs/modules/ROOT/pages/features/authentication/password-storage.adoc
index 13dfa19461..7ae143c37f 100644
--- a/docs/modules/ROOT/pages/features/authentication/password-storage.adoc
+++ b/docs/modules/ROOT/pages/features/authentication/password-storage.adoc
@@ -605,7 +605,7 @@ This provides an alternative to Spring Security's built-in `Pbkdf2PasswordEncode
 
 PBKDF2 is a key derivation function designed to be computationally expensive to thwart dictionary and brute force attacks.
 This implementation handles salt management explicitly since Password4j's PBKDF2 implementation does not include the salt in the output hash.
-The encoded password format is: `{salt}:{hash}` where both salt and hash are Base64 encoded.
+The encoded password format is: `+{salt}:{hash}+` where both salt and hash are Base64 encoded.
 
 .Pbkdf2Password4jPasswordEncoder
 [tabs]
@@ -646,7 +646,7 @@ The `BalloonHashingPassword4jPasswordEncoder` implementation uses the Balloon ha
 Balloon hashing is a memory-hard password hashing algorithm designed to be resistant to both time-memory trade-off attacks and side-channel attacks.
 
 This implementation handles salt management explicitly since Password4j's Balloon hashing implementation does not include the salt in the output hash.
-The encoded password format is: `{salt}:{hash}` where both salt and hash are Base64 encoded.
+The encoded password format is: `+{salt}:{hash}+` where both salt and hash are Base64 encoded.
 
 .BalloonHashingPassword4jPasswordEncoder
 [tabs]