That's your web framework attempting to mitigate XSS attacks by HTML encoding the text rendered rather than rendering it verbatim.

You may want to use non-HTML highlighting tags in the hightlighting request to Elasticsearch, then replace these when HTML rendering with `<b>` tags.

---