diff --git a/xml/source/snippets/offerte/en/aboutus.xml b/xml/source/snippets/offerte/en/aboutus.xml
index 6b079d1..ba43c1c 100644
--- a/xml/source/snippets/offerte/en/aboutus.xml
+++ b/xml/source/snippets/offerte/en/aboutus.xml
@@ -1,42 +1,69 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <section>
-        <title>About <company_long/></title>
-	<p><company_long/> is the world's first not-for-profit computer security consultancy. 
-	We operate under an innovative new business model whereby we use a Dutch fiscal 
-	entity, called a “Fiscaal Fondswervende Instelling” (Fiscal Fund raising Institution), 
-	as a commercial front-end to send 90% of our profits, tax-free, to a not-for-profit 
-	foundation, Stichting NL net. The NLnet Foundation has supported open-source, 
-	digital rights, and Internet research for almost 20 years.</p>
+  <title>About
+    <company_long/>
+  </title>
+  <p>
+    <company_long/>
+    is the world's first not-for-profit computer security consultancy. We
+    operate under an innovative new business model whereby we use a Dutch fiscal
+    entity, called a “Fiscaal Fondswervende Instelling” (Fiscal Fund raising
+    Institution), as a commercial front-end to send 90% of our profits,
+    tax-free, to a not-for-profit foundation, Stichting NL net. The NLnet
+    Foundation has supported open-source, digital rights, and Internet research
+    for almost 20 years.
+  </p>
 
-	<p>In contrast to other organizations, our profits do not benefit shareholders, 
-	investors, or founders. Our profits benefit society. As an  
-	organization without a profit-motive, we recruit top-name, ethical security 
-	experts and find like-minded customers that want to use their IT security 
-	budget as a "vote" to support socially responsible entrepreneurship. The rapid 
-	pace of our current growth reflects the positive response the market has to our 
-	idealistic philosophy and innovative business model.</p>
+  <p>In contrast to other organizations, our profits do not benefit
+    shareholders, investors, or founders. Our profits benefit society. As an
+    organization without a profit-motive, we recruit top-name, ethical security
+    experts and find like-minded customers that want to use their IT security
+    budget as a "vote" to support socially responsible entrepreneurship. The
+    rapid pace of our current growth reflects the positive response the market
+    has to our idealistic philosophy and innovative business model.
+  </p>
 
- <p><company_long/> has a number of values that we describe as our 
- “Core Principles.” These are:</p>
-    <ul>
-      <li><b>No sketchy stuff</b><br/> 
-      We don't build surveillance systems, hack activists, sell exploits to 
-      intelligence agencies, or anything of the sort. If a job is even remotely 
-      morally questionable, we simply won't do it.</li>
-      <li><b>Open-Source</b><br/>
-      Releasing ALL tools and frameworks we build as open source on GitHub (a link to our GitHub page can be found on our website).</li>
-      <li><b>Teach to fish</b><br/>
-      During engagements, we will not only share our results with your company, 
-      but also provide a step-by-step description of how to perform the same 
-      audit or procedure without us. We want to demystify what we're doing. 
-      It's not rocket science, and we genuinely want to help your company 
-      improve its security posture, even if it costs us repeat business.</li>
-      <li><b>IoCs for free</b><br/>Releasing ALL collected threat intelligence 
-      (Indicators of Compromise) into an open-source database that everyone can freely use. 
-      (Sanitized in agreement with customers.)</li>
-      <li><b>Zero days</b><br/>
-      We don't sell zero-days - we responsibly disclose them!</li>
-          </ul> 
-<p>For more information about <company_long/>, we refer you to our website: 
-<a href="http://www.radicallyopensecurity.com">www.radicallyopensecurity.com</a>.</p>
+  <p>
+    <company_long/>
+    has a number of values that we describe as our “Core Principles.” These are:
+  </p>
+  <ul>
+    <li>
+      <b>No sketchy stuff</b>
+      <br/>
+      We don't build surveillance systems, hack activists, sell exploits to
+      intelligence agencies, or anything of the sort. If a job is even remotely
+      morally questionable, we simply won't do it.
+    </li>
+    <li>
+      <b>Open-Source</b>
+      <br/>
+      Releasing ALL tools and frameworks we build as open source on GitHub (a
+      link to our GitHub page can be found on our website).
+    </li>
+    <li>
+      <b>Teach to fish</b>
+      <br/>
+      During engagements, we will not only share our results with your company,
+      but also provide a step-by-step description of how to perform the same
+      audit or procedure without us. We want to demystify what we're doing. It's
+      not rocket science, and we genuinely want to help your company improve its
+      security posture, even if it costs us repeat business.
+    </li>
+    <li>
+      <b>IoCs for free</b>
+      <br/>Releasing ALL collected threat intelligence (Indicators of
+      Compromise) into an open-source database that everyone can freely use.
+      (Sanitized in agreement with customers.)
+    </li>
+    <li>
+      <b>Zero days</b>
+      <br/>
+      We don't sell zero-days - we responsibly disclose them!
+    </li>
+  </ul>
+  <p>For more information about<company_long/>, we refer you to our website:
+    <a href="http://www.radicallyopensecurity.com">
+      www.radicallyopensecurity.com</a>.
+  </p>
 </section>
diff --git a/xml/source/snippets/offerte/en/additional-code-audit_methodology.xml b/xml/source/snippets/offerte/en/additional-code-audit_methodology.xml
index 63f1329..12d6d97 100644
--- a/xml/source/snippets/offerte/en/additional-code-audit_methodology.xml
+++ b/xml/source/snippets/offerte/en/additional-code-audit_methodology.xml
@@ -2,48 +2,53 @@
 <section>
   <title>Code Audit</title>
   <p>
-    <company_short/> will perform a code audit to aid pentesting. During a 
-    code audit, we manually examine the code of an application to ensure there 
-    are no security vulnerabilities and use our understanding of the code to 
-    guide our pentesting. If vulnerabilities are found, we document those and 
-    suggest ways to fix them. This is done by highly-trained penetration testers 
-    who can both review the raw code as well as interpret the findings of the 
-    automated scans, putting them into context.
+    <company_short/>
+    will perform a code audit to aid pentesting. During a code audit, we
+    manually examine the code of an application to ensure there are no security
+    vulnerabilities and use our understanding of the code to guide our
+    pentesting. If vulnerabilities are found, we document those and suggest ways
+    to fix them. This is done by highly-trained penetration testers who can both
+    review the raw code as well as interpret the findings of the automated
+    scans, putting them into context.
   </p>
   <p>
-     During the code audit portion of penetration tests, we take the following 
-     criteria into account:
+    During the code audit portion of penetration tests, we take the following
+    criteria into account:
   </p>
   <ol>
-    <li>Risk Assessment and "Threat Modeling"<br/>
-      In this step, we analyze the risks of a particular application or system. 
-      Threat Modeling is a specific, structured approach to risk analysis that 
-      enables us to identify, qualify, and address the security risks, thus 
-      dovetailing with the Code Review process. For example, user data is 
-      sacred. We focus on encrypted storage, discover if <client_short/> employees 
-      have a backdoor into data, and cut loose stolen devices by wiping them 
-      remotely and revoking accounts.
+    <li>Risk Assessment and "Threat Modeling"
+      <br/>
+      In this step, we analyze the risks of a particular application or system.
+      Threat Modeling is a specific, structured approach to risk analysis that
+      enables us to identify, qualify, and address the security risks, thus
+      dovetailing with the Code Review process. For example, user data is
+      sacred. We focus on encrypted storage, discover if <client_short/>
+      employees have a backdoor into data, and cut loose stolen devices by
+      wiping them remotely and revoking accounts.
     </li>
-    <li>Purpose and Context<br/>
-      Here we focus on risks, especially in the quick and easy sharing of 
-      internal documents and itineraries. Account details aren't so secret 
-      when we know who will be in meetings, but what's being discussed is secret.
+    <li>Purpose and Context
+      <br/>
+      Here we focus on risks, especially in the quick and easy sharing of
+      internal documents and itineraries. Account details aren't so secret when
+      we know who will be in meetings, but what's being discussed is secret.
     </li>
-    <li>Complexity<br/>
-      The complexity of the system is in the frameworks that support the web 
-      application. We'd ignore those and focus only on the custom code and 
-      backend code. We would also 
-      focus on implementation mistakes and known flaws in the systems. For 
-      example, we'd ensure you're using the latest versions of software, 
-      but we wouldn't delve into the framework itself. Since we assume the 
-      code is written by a team, it should be clearly-written code. If you have 
-      several full-release versions, there will undoubtedly be several revisions 
-      and audits on that code.
+    <li>Complexity
+      <br/>
+      The complexity of the system is in the frameworks that support the web
+      application. We'd ignore those and focus only on the custom code and
+      backend code. We would also focus on implementation mistakes and known
+      flaws in the systems. For example, we'd ensure you're using the latest
+      versions of software, but we wouldn't delve into the framework itself.
+      Since we assume the code is written by a team, it should be
+      clearly-written code. If you have several full-release versions, there
+      will undoubtedly be several revisions and audits on that code.
     </li>
   </ol>
   <p>
-    For more information, please refer to this link: 
-    <a href="https://www.owasp.org/index.php/OWASP_Code_Review_V2_Table_of_Contents">
-    https://www.owasp.org/index.php/OWASP_Code_Review_V2_Table_of_Contents</a>
+    For more information, please refer to this link:
+    <a
+      href="https://www.owasp.org/index.php/OWASP_Code_Review_V2_Table_of_Contents">
+      https://www.owasp.org/index.php/OWASP_Code_Review_V2_Table_of_Contents
+    </a>
   </p>
 </section>
diff --git a/xml/source/snippets/offerte/en/black-box.xml b/xml/source/snippets/offerte/en/black-box.xml
index 30c239a..cfb641a 100644
--- a/xml/source/snippets/offerte/en/black-box.xml
+++ b/xml/source/snippets/offerte/en/black-box.xml
@@ -1,16 +1,14 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <section id="blackboxing">
-<title>The Black-Box Pentesting Method</title>
-<p>
-  <!--snippet -->Crystal-Box vs. Black-Box pentesting refers to the amount of information
-  about the target environment, architecture, and/or applications that the customer 
-  initially shares with the pentesters. With Black-Box testing, pentesters
-  are given no information whatsoever about the target(s). With Crystal-Box testing,
-  pentesters are given all information requested about the target(s), including 
-  source code (when relevant), access to developers or system management, etc..
-<br />
-<br />
-  In this case <company_short/> will conduct a black-Box test.
-</p>
+  <title>The Black-Box Pentesting Method</title>
+  <p>
+    Crystal-Box vs. Black-Box pentesting refers to the amount of information
+    about the target environment, architecture, and/or applications that the
+    customer initially shares with the pentesters. With Black-Box testing,
+    pentesters are given no information whatsoever about the target(s). With
+    Crystal-Box testing, pentesters are given all information requested about
+    the target(s), including source code (when relevant), access to developers
+    or system management, etc.
+  </p>
+  <p>In this case <company_short/> will conduct a black-Box test.</p>
 </section>
-<!-- end of template -->
\ No newline at end of file
diff --git a/xml/source/snippets/offerte/en/conditions.xml b/xml/source/snippets/offerte/en/conditions.xml
index f09b2dd..00e93c3 100644
--- a/xml/source/snippets/offerte/en/conditions.xml
+++ b/xml/source/snippets/offerte/en/conditions.xml
@@ -1,21 +1,32 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <section>
-        <title>Terms and Conditions</title>
-        <p><company_short/> will only perform the <company_svc_short/>
-        if it has obtained the permission from <generate_permission_parties/> 
-        as set out in the penetration testing waiver, attached as <b>Annex 2</b>, 
-        or provided in a separate document.</p>
-        
-        <p><company_short/> performs this assignment on the basis of its general 
-        terms and conditions, which are attached to this offer as Annex 1. 
-        <company_short/> rejects any general terms and conditions used by 
-        <client_short/>.</p>
-        <p>In order to agree to this offer, please sign this letter in duplicate 
-        and return it to:</p>
-        <contact>
-    <name><company_legal_rep/></name>
-    <address><company_long/><br/>Overdiemerweg 28<br/>1111 PP Diemen</address>
+  <title>Terms and Conditions</title>
+  <p>
+    <company_short/> will only perform the
+    <company_svc_short/> if it has obtained the permission from
+    <generate_permission_parties/> as set out in the penetration testing waiver,
+    attached as <b>Annex 2</b>, or provided in a separate document.
+  </p>
+
+  <p>
+    <company_short/>
+    performs this assignment on the basis of its general terms and conditions,
+    which are attached to this offer as Annex 1.
+    <company_short/> rejects any general terms and conditions used by
+    <client_short/>.
+  </p>
+  <p>In order to agree to this offer, please sign this letter in duplicate and
+    return it to:
+  </p>
+  <contact>
+    <name>
+      <company_legal_rep/>
+    </name>
+    <address>
+      <company_long/>
+      <br/>Overdiemerweg 28<br/>1111 PP Diemen
+    </address>
     <email>melanie@radicallyopensecurity.com</email>
-</contact>
-    <generate_offer_signature_box/>
-    </section>
\ No newline at end of file
+  </contact>
+  <generate_offer_signature_box/>
+</section>
\ No newline at end of file
diff --git a/xml/source/snippets/offerte/en/crystal-box.xml b/xml/source/snippets/offerte/en/crystal-box.xml
index b468c51..6bccbd4 100644
--- a/xml/source/snippets/offerte/en/crystal-box.xml
+++ b/xml/source/snippets/offerte/en/crystal-box.xml
@@ -1,4 +1,4 @@
-<?xml version="1.0" encoding="UTF-8"?><!--snippet -->
+<?xml version="1.0" encoding="UTF-8"?>
 <section id="crystalboxing">
   <title>The Crystal-Box Pentesting Method</title>
   <p>
@@ -20,4 +20,4 @@
     crystal-box pentesting fits naturally hand-in-hand with the "Peek Over Our
     Shoulder" option that <company_short/> offers to <client_short/>.
   </p>
-</section><!-- end of template -->
+</section>
diff --git a/xml/source/snippets/offerte/en/disclaimer.xml b/xml/source/snippets/offerte/en/disclaimer.xml
index 0215784..6297971 100644
--- a/xml/source/snippets/offerte/en/disclaimer.xml
+++ b/xml/source/snippets/offerte/en/disclaimer.xml
@@ -7,7 +7,6 @@
     <company_short/>, instead, has an obligation to make reasonable efforts (in
     Dutch: “<i>inspanningsverplichting</i>”) to perform the agreed services.
   </p>
-
   <p>
     <company_short/> and <client_short/>
     agree to take reasonable measures to maintain the confidentiality of
diff --git a/xml/source/snippets/offerte/en/disclaimer_code-audit.xml b/xml/source/snippets/offerte/en/disclaimer_code-audit.xml
index 8168427..a274bb5 100644
--- a/xml/source/snippets/offerte/en/disclaimer_code-audit.xml
+++ b/xml/source/snippets/offerte/en/disclaimer_code-audit.xml
@@ -8,11 +8,8 @@
     <company_short/>, instead, has an obligation to make reasonable efforts (in
     Dutch: “<i>inspanningsverplichting</i>”) to perform the agreed services.
   </p>
-
   <p>
-    <company_short/>
-    and
-    <client_short/>
+    <company_short/> and <client_short/>
     agree to take reasonable measures to maintain the confidentiality of
     information and any personal data they gain access to in the course of
     performing the code audit. Both parties will use the information and data
diff --git a/xml/source/snippets/offerte/en/examplewaiver.xml b/xml/source/snippets/offerte/en/examplewaiver.xml
index f86b794..215aef8 100644
--- a/xml/source/snippets/offerte/en/examplewaiver.xml
+++ b/xml/source/snippets/offerte/en/examplewaiver.xml
@@ -1,7 +1,6 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <section id="waiver-example">
   <title>ANNEX 2 Example Pentest Waiver</title>
-
   <p>
     <b><i>(Full Client Name)</i> (“<i>(Client)</i>”)</b>, with its registered
     office at Somestreet, Somecity, Earth, Milkyway, and duly represented by
diff --git a/xml/source/snippets/offerte/en/grey-box.xml b/xml/source/snippets/offerte/en/grey-box.xml
index a73f17f..42722a9 100644
--- a/xml/source/snippets/offerte/en/grey-box.xml
+++ b/xml/source/snippets/offerte/en/grey-box.xml
@@ -2,13 +2,13 @@
 <section id="greyboxing">
   <title>The Grey-Box Pentesting Method</title>
   <p>
-    <!--snippet -->Crystal-Box vs. Black-Box pentesting refers to the amount of
-    information regarding the target environment, architecture, and/or
-    applications that is initially shared by the customer with the pentesters.
-    With Black-Box testing, pentesters are given no information whatsoever about
-    the target(s). With Crystal-Box testing, pentesters are given all
-    information requested about the target(s), including source-code (when
-    relevant), access to developers or system management, etc..
+    Crystal-Box vs. Black-Box pentesting refers to the amount of information
+    regarding the target environment, architecture, and/or applications that is
+    initially shared by the customer with the pentesters. With Black-Box
+    testing, pentesters are given no information whatsoever about the target(s).
+    With Crystal-Box testing, pentesters are given all information requested
+    about the target(s), including source-code (when relevant), access to
+    developers or system management, etc..
   </p>
   <p>
     <company_short/>
diff --git a/xml/source/snippets/offerte/en/introandscope.xml b/xml/source/snippets/offerte/en/introandscope.xml
index bb8c684..d4f1a64 100644
--- a/xml/source/snippets/offerte/en/introandscope.xml
+++ b/xml/source/snippets/offerte/en/introandscope.xml
@@ -1,12 +1,17 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <section>
   <title>Introduction</title>
-  <p><client_long/> (hereafter “<b><client_short/></b>”), with its registered office
-  at <client_street/>, <client_city/>, <client_country/>, has requested <company_long/>
-  (hereafter “<b><company_short/></b>”) to perform <company_svc_long/>.
-  The motivation for this request is that <client_short/> wishes to get a better
-  insight into ...</p>
+  <p>
+    <client_long/> (hereafter “<b><client_short/></b>”), with its registered office at
+    <client_street/>, <client_city/>, <client_country/>, has requested <company_long/>
+    (hereafter “<b><company_short/></b>”) to perform <company_svc_long/>.
+  </p>
+  <p>
+    The motivation for this request is that <client_short/> wishes to gain better
+    insight into ...
+  </p>
 
-  <p>This offer sets out the scope of the work and the terms and conditions under
-  which <company_short/> will perform these services.</p>
+  <p>This offer sets out the scope of the work and the terms and conditions
+    under which <company_short/> will perform these services.
+  </p>
 </section>
\ No newline at end of file
diff --git a/xml/source/snippets/offerte/en/introandscope_retest.xml b/xml/source/snippets/offerte/en/introandscope_retest.xml
index ccc5971..143569d 100644
--- a/xml/source/snippets/offerte/en/introandscope_retest.xml
+++ b/xml/source/snippets/offerte/en/introandscope_retest.xml
@@ -4,11 +4,12 @@
   <p>
     <client_long/> (hereafter “<b><client_short/></b>”), with its registered office at
     <client_street/>, <client_city/>, <client_country/>, has requested <company_long/>
-    (hereafter “<b><company_short/></b>”) to perform <company_svc_long/>.</p>
-    <p>The motivation for this request is that <client_short/> has had a recent penetration
-      test done by <company_short/> and wishes to check that the vulnerabilities found
-      have been mitigated.
-    </p>
+    (hereafter “<b><company_short/></b>”) to perform <company_svc_long/>.
+  </p>
+  <p>The motivation for this request is that <client_short/> has had a recent penetration
+    test done by <company_short/> and wishes to check that the vulnerabilities found
+    have been mitigated.
+  </p>
 
   <p>This offer sets out the scope of the work and the terms and conditions
     under which <company_short/> will perform these services.
diff --git a/xml/source/snippets/offerte/en/methodology_code-audit.xml b/xml/source/snippets/offerte/en/methodology_code-audit.xml
index 02b24cf..5530cf7 100644
--- a/xml/source/snippets/offerte/en/methodology_code-audit.xml
+++ b/xml/source/snippets/offerte/en/methodology_code-audit.xml
@@ -10,8 +10,8 @@
     impact on the Confidentiality, Integrity and Availability (CIA) of the
     system. We will describe how an attacker would exploit the vulnerability and
     suggest ways of fixing it.
-    <br/>
-    This requires an extensive knowledge of the platform the application is
+  </p>
+  <p>This requires an extensive knowledge of the platform the application is
     running on, as well as the extensive knowledge of the language the
     application in written in and patterns that have been used. Therefore a code
     audit done by highly-trained specialists with a strong background in
@@ -21,7 +21,7 @@
     During the code audit, we take the following approach:
   </p>
   <ol>
-    <li>Thorough comprehension of functionality
+    <li><b>Thorough comprehension of functionality</b>
       <br/>
       We try to get a thorough comprehension of how the application works and
       how it interacts with the user and other systems. Having detailed
@@ -29,7 +29,7 @@
       documentation) at this stage is very helpful, as they aid the
       understanding of the application
     </li>
-    <li>Static analysis
+    <li><b>Static analysis</b>
       <br/>
       Using the understanding we gained in the previous step, we will use static
       code analysis to uncover any vulnerabilities. Static analysis means the
@@ -47,7 +47,7 @@
       assessing the quality of the security measures.
     </li>
 
-    <li>Dynamic analysis
+    <li><b>Dynamic analysis</b>
       <br/>
       Dynamic analysis can also be performed. In this case, the program is run
       and actively exploited by the specialist. This is usually done to confirm
diff --git a/xml/source/snippets/offerte/en/methodology_load-test.xml b/xml/source/snippets/offerte/en/methodology_load-test.xml
index a4e325f..109b8f7 100644
--- a/xml/source/snippets/offerte/en/methodology_load-test.xml
+++ b/xml/source/snippets/offerte/en/methodology_load-test.xml
@@ -1,6 +1,5 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <section>
-  <!-- for an example load testing offer, ask other writers!-->
   <title>Load testing</title>
   <p>The aim of load testing is to measure what realistic level of performance a
     service deployment is capable of delivering, or whether it meets a specific
diff --git a/xml/source/snippets/offerte/en/planningandpayment.xml b/xml/source/snippets/offerte/en/planningandpayment.xml
index 19b2d1b..3fc5918 100644
--- a/xml/source/snippets/offerte/en/planningandpayment.xml
+++ b/xml/source/snippets/offerte/en/planningandpayment.xml
@@ -1,10 +1,13 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <section>
   <title>Planning and Payment</title>
-  <p><company_short/> will uphold the following dates for the planning of the services:</p>
+  <p>
+    <company_short/>
+    will uphold the following dates for the planning of the services:
+  </p>
   <ul>
-      <li><company_short/> performs a <company_svc_short/> on <p_testingduration/>.</li>
-      <li><company_short/> delivers the final report <p_reportdue/>.</li>
+    <li><company_short/> performs a <company_svc_short/> on <p_testingduration/>.</li>
+    <li><company_short/> delivers the final report <p_reportdue/>.</li>
   </ul>
   <p>
     Our fixed-fee price quote for the above described <company_svc_short/> is <p_fee/>.-
diff --git a/xml/source/snippets/offerte/en/prerequisites.xml b/xml/source/snippets/offerte/en/prerequisites.xml
index 5791d75..5302d85 100644
--- a/xml/source/snippets/offerte/en/prerequisites.xml
+++ b/xml/source/snippets/offerte/en/prerequisites.xml
@@ -2,7 +2,7 @@
 <section>
   <title>Prerequisites</title>
   <p>In order to perform this audit, <company_short/> will need access to:</p>
-    <!--Example of most common scenario, change if necessary!! :-->
+    <!-- Example of most common scenario, change as necessary -->
   <ul>
     <li>Test accounts</li>
     <li>Test environment</li>
diff --git a/xml/source/snippets/offerte/en/prerequisites_training.xml b/xml/source/snippets/offerte/en/prerequisites_training.xml
index 4d13029..8ff8527 100644
--- a/xml/source/snippets/offerte/en/prerequisites_training.xml
+++ b/xml/source/snippets/offerte/en/prerequisites_training.xml
@@ -2,7 +2,7 @@
 <section>
   <title>Prerequisites</title>
   <p>In order to provide training, <company_short/> will need to:</p>
-    <!--Example of most common scenario, change if necessary!! :-->
+    <!-- Example of most common scenario, change if necessary -->
   <ul>
     <li>Develop training materials</li>
     <li>Book an appropriate venue</li>
diff --git a/xml/source/snippets/offerte/en/projectoverview.xml b/xml/source/snippets/offerte/en/projectoverview.xml
index 4aa5cab..b026cd7 100644
--- a/xml/source/snippets/offerte/en/projectoverview.xml
+++ b/xml/source/snippets/offerte/en/projectoverview.xml
@@ -1,6 +1,5 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <section>
-  <!-- section with an overview of ROS activities -->
   <title>Project Overview</title>
   <p>
     <company_short/> will perform <company_svc_long/> for <client_short/>
diff --git a/xml/source/snippets/offerte/en/projectoverview_retest.xml b/xml/source/snippets/offerte/en/projectoverview_retest.xml
index 948b027..082103e 100644
--- a/xml/source/snippets/offerte/en/projectoverview_retest.xml
+++ b/xml/source/snippets/offerte/en/projectoverview_retest.xml
@@ -1,6 +1,5 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <section>
-  <!-- section with an overview of ROS activities -->
   <title>Project Overview</title>
   <p>
     <company_short/> will perform <company_svc_long/> for <client_short/>
diff --git a/xml/source/snippets/offerte/en/projectoverview_training.xml b/xml/source/snippets/offerte/en/projectoverview_training.xml
index 7d26efc..33f9f37 100644
--- a/xml/source/snippets/offerte/en/projectoverview_training.xml
+++ b/xml/source/snippets/offerte/en/projectoverview_training.xml
@@ -1,7 +1,7 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <section>
   <title>Project Overview
-  </title><!-- section with an overview of ROS activities -->
+  </title>
   <p>
     <company_short/>
     will provide xxx training sessions, for xxx different groups,
diff --git a/xml/source/snippets/offerte/en/teamandreporting.xml b/xml/source/snippets/offerte/en/teamandreporting.xml
index 17dad5b..841fc5b 100644
--- a/xml/source/snippets/offerte/en/teamandreporting.xml
+++ b/xml/source/snippets/offerte/en/teamandreporting.xml
@@ -20,7 +20,6 @@
     <!-- remove this for non pentesting offers-->
     <p>The workflow of our penetration testing team is modeled on that of a
       Capture The Flag (CTF) team:
-      <!-- remove this for non pentesting offers-->
 
       <company_long/> has a geographically distributed team and we use online
       infrastructure (RocketChat, GitLabs, etc.) to coordinate our work. This
diff --git a/xml/source/snippets/offerte/en/waiver.xml b/xml/source/snippets/offerte/en/waiver.xml
index b598401..afa10a0 100644
--- a/xml/source/snippets/offerte/en/waiver.xml
+++ b/xml/source/snippets/offerte/en/waiver.xml
@@ -1,78 +1,85 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <waivers>
-    <standard_waiver>
-        <title><company_svc_short/> - WAIVER</title>
+  <standard_waiver>
+    <title>
+      <company_svc_short/>
+      - WAIVER
+    </title>
 
-        <p><b><i><signee_long/></i> (<i><signee_short/></i>)</b>, with its registered office at <signee_street/>,
-            <signee_city/>, <signee_country/> and duly represented by <b><signee_waiver_rep/></b></p>
+    <p>
+      <b><i><signee_long/></i> (<i><signee_short/></i>)</b>, with its registered office at
+      <signee_street/>, <signee_city/>, <signee_country/> and duly represented by
+      <b><signee_waiver_rep/></b>
+    </p>
 
-        <p>
-            <b>WHEREAS:</b>
-        </p>
+    <p>
+      <b>WHEREAS:</b>
+    </p>
 
-<p>A. <client_short/> wants some of its systems to be tested,
-                            <company_long/> (“<company_short/>”) has offered to perform
-                        such testing for <client_short/> and
-                            <client_short/> has accepted this offer.
-                        The assignment will be performed by <company_short/>' core-team members, external
-                        freelancers, and/or volunteers (the “Consultants”).</p>
-                    <p>B. Some of the activities performed by
-                            <company_short/> and the
-                        Consultants during the course of this assignment could be considered
-                        illegal, unless <signee_short/> has given permission for
-                        these activities. <company_short/>
-                        and the Consultant will only perform such activities if they have received
-                        the required permission.</p>
-                    <p>C. <signee_short/> is
-                        willing to give such permission to <company_short/>, the Consultants and any
-                        other person <company_short/> might
-                        employ or engage for the assignment.</p>
-                    <p>
-                        <b>DECLARES AS FOLLOWS:</b>
-                    </p>
-                    <p>1. <signee_short/> is
-                        aware that <company_short/> will
-                        perform <company_svc_long/> of the
-                        following systems of <signee_short/>, as described
-                        below. The services are intended to gain insight in the security of these
-                        systems. To do so, <company_short/>
-                        will access these systems, attempt to find vulnerabilities and gain further
-                        access and elevated privileges by exploiting any vulnerabilities found.
-                            <company_short/> will test the
-                        following targets (the “<b>Targets</b>”):</p>
-                    <generate_targets/>
-                    <p>2. <signee_short/>
-                        hereby grants <company_short/> and
-                        the Consultants on a date to be confirmed by email the broadest permission
-                        possible to perform the assignment, including the permission to:</p>
-                    <p>a. enter and use the Targets;</p>
-                    <p>b. circumvent, breach, remove and turn off
-                        any security measures protecting the Targets;</p>
-                    <p>c. copy, intercept, record, amend, delete,
-                        render unusable or inaccessible any data stored on, processed by or
-                        transferred via the Targets; and</p>
-                    <p>d. hinder the access or use of the
-                        Targets,</p>
-                    <p>but <signee_short/>
-                        only grants the permission for these activities to the extent that (i) such
-                        activities are necessary to perform the assignment and (ii) such activities
-                        do not disrupt the normal business operations of <signee_short/>.</p>
-                    <p>3. The permission under Article 1 extends
-                        to all systems on which the Targets run, or which <company_short/> or the Consultant might
-                        encounter while performing the assignment, regardless of whether these
-                        systems are owned by third parties.</p>
-                    <p>4. <signee_short/>
-                        warrants that it has the legal authority to give the permission set out
-                        under Articles 1 and 2. It also warrants it has obtained the necessary
-                        permissions from any third parties referred to under Article 3.</p>
-                    <p>5. Should the public prosecutor initiate an
-                        investigation or criminal proceedings against <company_short/> or any of the consultants it
-                        engaged or employed as a result of the performance of the assignment for the
-                        customer, then <signee_short/> will co-operate fully
-                        with <company_short/> in defending
-                        against this investigation or proceedings, including by providing any
-                        evidence it has which relates to this investigation or these
-                        proceedings.</p>
-
-    </standard_waiver>
+    <p>A. <client_short/> wants some of its systems to be tested,
+      <company_long/> (“<company_short/>”) has offered to perform such testing for
+      <client_short/> and <client_short/> has accepted this offer.
+      The assignment will be performed by <company_short/>' core-team members,
+      external freelancers, and/or volunteers (the “Consultants”).
+    </p>
+    <p>B. Some of the activities performed by <company_short/>
+      and the Consultants during the course of this assignment could be
+      considered illegal, unless <signee_short/>
+      has given permission for these activities.
+      <company_short/> and the Consultant will only perform such activities if they
+      have received the required permission.
+    </p>
+    <p>C. <signee_short/> is willing to give such permission to <company_short/>,
+      the Consultants and any other person <company_short/> might employ or engage for
+      the assignment.
+    </p>
+    <p>
+      <b>DECLARES AS FOLLOWS:</b>
+    </p>
+    <p>1. <signee_short/> is aware that <company_short/> will perform
+      <company_svc_long/> of the following systems of <signee_short/>, as described
+      below. The services are intended to gain insight in the security of these systems.
+      To do so, <company_short/> will access these systems, attempt to find
+      vulnerabilities and gain further access and elevated privileges by exploiting
+      any vulnerabilities found. <company_short/> will test the following targets
+      (the “<b>Targets</b>”):
+    </p>
+    <generate_targets/>
+    <p>2. <signee_short/> hereby grants <company_short/>
+      and the Consultants on a date to be confirmed by email the broadest
+      permission possible to perform the assignment, including the permission
+      to:
+    </p>
+    <p>a. enter and use the Targets;</p>
+    <p>b. circumvent, breach, remove and turn off any security measures
+      protecting the Targets;
+    </p>
+    <p>c. copy, intercept, record, amend, delete, render unusable or
+      inaccessible any data stored on, processed by or transferred via the
+      Targets; and
+    </p>
+    <p>d. hinder the access or use of the Targets,</p>
+    <p>but <signee_short/> only grants the permission for these activities to the
+      extent that (i) such activities are necessary to perform the assignment and
+      (ii) such activities do not disrupt the normal business operations of
+      <signee_short/>.
+    </p>
+    <p>3. The permission under Article 1 extends to all systems on which the
+      Targets run, or which <company_short/> or the Consultant might encounter
+      while performing the assignment, regardless of whether these systems are
+      owned by third parties.
+    </p>
+    <p>4. <signee_short/> warrants that it has the legal authority to give the
+      permission set out under Articles 1 and 2. It also warrants it has obtained
+      the necessary permissions from any third parties referred to under Article 3.
+    </p>
+    <p>5. Should the public prosecutor initiate an investigation or criminal
+      proceedings against <company_short/> or any of the consultants it engaged or
+      employed as a result of the performance of the assignment for the customer,
+      then <signee_short/> will co-operate fully with <company_short/>
+      in defending against this investigation or proceedings, including by
+      providing any evidence it has which relates to this investigation or these
+      proceedings.
+    </p>
+  </standard_waiver>
 </waivers>
diff --git a/xml/source/snippets/offerte/nl/crystal-box.xml b/xml/source/snippets/offerte/nl/crystal-box.xml
index 00e7579..d153cfa 100644
--- a/xml/source/snippets/offerte/nl/crystal-box.xml
+++ b/xml/source/snippets/offerte/nl/crystal-box.xml
@@ -1,18 +1,22 @@
 <?xml version="1.0" encoding="UTF-8"?>
-<!--snippet -->
-<div><p>
-  Crystal-Box vs. Black-Box pentesting verwijst naar de hoeveelheid 
-  informatie over de doelwit omgeving, architectuur, en/of applicaties die de klant 
-  in eerste instantie deelt met de pentesters. Bij Black-Box testing ontvangen de 
-  pentester helemaal geen informatie over het doelwit. Bij Crystal-Box tests 
-  ontvangen de pentesters alle informatie die opgevraagd wordt betreffende het doelwit, 
-  inclusief source code (wanneer dit relevant is), toegang tot developers of systeembeheer, etc...
-</p>
-<p>
-  <company_short/> zal een Crystal-box pentest uitvoeren - de methode die onze voorkeur heeft. 
-  In tegenstelling tot "echte" hackers, die alle tijd van de wereld hebben, 
-  vinden pentests plaats in een beperkt tijdsbestek. Crystal-box pentesting biedt ons 
-  de mogelijkheid om onze tijd zo efficiënt mogelijk te gebruiken, waardoor het maximale aantal kwetsbaarheden kan worden gevonden. 
-  Daarnaast sluit de Crystal-box pentest het beste aan bij de "meekijk"-optie die <company_short/> <client_short/> biedt.
-</p></div>
-<!-- end of template -->
+<div>
+  <p>
+    Crystal-Box vs. Black-Box pentesting verwijst naar de hoeveelheid informatie
+    over de doelwit omgeving, architectuur, en/of applicaties die de klant in
+    eerste instantie deelt met de pentesters. Bij Black-Box testing ontvangen de
+    pentester helemaal geen informatie over het doelwit. Bij Crystal-Box tests
+    ontvangen de pentesters alle informatie die opgevraagd wordt betreffende het
+    doelwit, inclusief source code (wanneer dit relevant is), toegang tot
+    developers of systeembeheer, etc...
+  </p>
+  <p>
+    <company_short/>
+    zal een Crystal-box pentest uitvoeren - de methode die onze voorkeur heeft.
+    In tegenstelling tot "echte" hackers, die alle tijd van de wereld hebben,
+    vinden pentests plaats in een beperkt tijdsbestek. Crystal-box pentesting
+    biedt ons de mogelijkheid om onze tijd zo efficiënt mogelijk te gebruiken,
+    waardoor het maximale aantal kwetsbaarheden kan worden gevonden. Daarnaast
+    sluit de Crystal-box pentest het beste aan bij de "meekijk"-optie die
+    <company_short/> <client_short/> biedt.
+  </p>
+</div>