Update general/development/policies/security/crosssite-request-forgery.md

Co-authored-by: Andrew Lyons <andrew@nicols.co.uk>

Author: kabalin

general/development/policies/security/crosssite-request-forgery.md

@@ -33,7 +33,7 @@ It may be a bit surprising, but this type of attack may be used against servers
 
 ### Session key (CSRF token) {#session-key}
 
-The most important protection is the concept CSRF token, which is for historic reasons called **sesskey** in Moodle.
+The most important protection is the concept CSRF token, which is for historic reasons called **`sesskey`** in Moodle.
 
 When you log in, Moodle generates a random string and stores it in the session. Whenever it prints a link or a button to perform a significant action, it adds the sesskey value to the submitted data. Before performing the action, it checks the sesskey value in the request with the one in the session, and the action is only performed if the two match.