How to escape html generate by a loop

I have the following code which is flagging a warning that I've been asked to fix by my theme reviewer.

WARNING All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$fontListStr'.

The $fontListStr in the warning message refers to the final line of the following code:

              foreach( $this-fontList as $key = $value ) {
            $fontCounter++;
            $fontListStr .= 'option value="' . esc_attr($value-family) . '" ' . selected( $this-fontValues-font, $value-family, false ) . '' . esc_html($value-family) . '/option';
            if ( $this-fontValues-font === $value-family ) {
              $isFontInList = true;
            }
            if ( is_int( $this-fontCount )  $fontCounter === $this-fontCount ) {
              break;
            }
          }
          if ( !$isFontInList  $this-fontListIndex ) {
            // If the default or saved font value isn't in the list of displayed fonts, add it to the top of the list as the default font
            $fontListStr = 'option value="' . esc_attr($this-fontList[$this-fontListIndex]-family) . '" ' . selected( $this-fontValues-font, $this-fontList[$this-fontListIndex]-family, false ) . '' . esc_html($this-fontList[$this-fontListIndex]-family) . ' (default)/option' . $fontListStr;
          }
          // Display our list of font options
          echo $fontListStr;

I can't for the life of me work out how to escape the final line of code without breaking the output. I actually don't understand why I need to either as I escape all potential vulnerabilities in the lines before.

Could you please help me escape this properly. Thanks