docs: `http://...`

docs/installation.rst

@@ -162,8 +162,8 @@ and :command:`python` which will run those things, but this might not automatica
 on Windows, because it doesn't know where those executables are (give either a try!).
 
 To fix this, you should be able to navigate to your Python install directory
-(e.g ``C:\Python27``), then go to ``Tools``, then ``Scripts``; then find the
-``win_add2path.py`` file and run that. Open a **new** Command Prompt and
+(e.g :file:`C:\Python27`), then go to :file:`Tools`, then :file:`Scripts`; then find the
+:file:`win_add2path.py` file and run that. Open a **new** Command Prompt and
 check that you can now just type :command:`python` to bring up the interpreter.
 
 Finally, to install `virtualenv`_, you can simply run::

docs/security.rst

@@ -25,7 +25,7 @@ careful:
 -   generating HTML without the help of Jinja2
 -   calling :class:`~flask.Markup` on data submitted by users
 -   sending out HTML from uploaded files, never do that, use the
-    `Content-Disposition: attachment` header to prevent that problem.
+    ``Content-Disposition: attachment`` header to prevent that problem.
 -   sending out textfiles from uploaded files.  Some browsers are using
     content-type guessing based on the first few bytes so users could
     trick a browser to execute HTML.
@@ -71,7 +71,7 @@ application's users with social engineering to do stupid things without
 them knowing.
 
 Say you have a specific URL that, when you sent ``POST`` requests to will
-delete a user's profile (say `http://example.com/user/delete`).  If an
+delete a user's profile (say ``http://example.com/user/delete``).  If an
 attacker now creates a page that sends a post request to that page with
 some JavaScript they just has to trick some users to load that page and
 their profiles will end up being deleted.