diff --git a/javascript/ql/src/Security/CWE-079/examples/StoredXss.js b/javascript/ql/src/Security/CWE-079/examples/StoredXss.js
index 226cdced23d3..fe3c76ff1452 100644
--- a/javascript/ql/src/Security/CWE-079/examples/StoredXss.js
+++ b/javascript/ql/src/Security/CWE-079/examples/StoredXss.js
@@ -6,7 +6,7 @@ express().get('/list-directory', function(req, res) {
         var list = '<ul>';
         fileNames.forEach(fileName => {
             // BAD: `fileName` can contain HTML elements
-            list += '<li>' + fileName '</li>';
+            list += '<li>' + fileName + '</li>';
         });
         list += '</ul>'
         res.send(list);
diff --git a/javascript/ql/src/Security/CWE-079/examples/StoredXssGood.js b/javascript/ql/src/Security/CWE-079/examples/StoredXssGood.js
index 0a05c3a7d452..c7e9966c72fc 100644
--- a/javascript/ql/src/Security/CWE-079/examples/StoredXssGood.js
+++ b/javascript/ql/src/Security/CWE-079/examples/StoredXssGood.js
@@ -7,7 +7,7 @@ express().get('/list-directory', function(req, res) {
         var list = '<ul>';
         fileNames.forEach(fileName => {
             // GOOD: escaped `fileName` can not contain HTML elements
-            list += '<li>' + escape(fileName) '</li>';
+            list += '<li>' + escape(fileName) + '</li>';
         });
         list += '</ul>'
         res.send(list);