diff --git a/security/escaping-output.md b/security/escaping-output.md
index ff36d2b..16679a8 100644
--- a/security/escaping-output.md
+++ b/security/escaping-output.md
@@ -29,7 +29,9 @@ WordPress thankfully has a few helper functions we can use for most of what we
`esc_attr()` can be used on everything else that's printed into an HTML element's attribute.
-@todo example for esc_attr()
+```
+Click me
+```
It's important to note that most WordPress functions properly prepare the data for output, and you don't need to escape again.
@@ -39,6 +41,14 @@ It's important to note that most WordPress functions properly prepare the data f
@todo include note of wp_post_kses()
+Special case when working on *textarea*. While applying wp_kses will delete
html tag and newlines will not be preserved, there is a trick to do it.
+
+```
+