Merge pull request #145 from jlnarvaez/patch-3

Fix syntax in escaping comment
AdobeDocs · Jul 13, 2023 · 7f181d7 · 7f181d7
2 parents 43cc528 + 4ba45f8
commit 7f181d7
Showing 1 changed file with 2 additions and 2 deletions.
diff --git a/src/pages/development/security/cross-site-scripting.md b/src/pages/development/security/cross-site-scripting.md
@@ -192,8 +192,8 @@ To check your .phtml template for XSS vulnerabilities, use the _Magento2.Securit
 This sniff finds all _echo_ calls in PHTML-templates and determines if the output is properly escaped.
 It covers the following cases:
 
--  `/_ @noEscape _/` before output. Output does not require escaping. Test is green.
--  `/_ @escapeNotVerified _/` before output. Output escaping is not checked and should be verified. Test is green.
+-  `/* @noEscape */` before output. Output does not require escaping. Test is green.
+-  `/* @escapeNotVerified */` before output. Output escaping is not checked and should be verified. Test is green.
 -  Methods which contain "html" in their names (for example echo $object->{suffix}Html{postfix}()). Data is ready for the HTML output. Test is green.
 -  AbstractBlock methods `escapeHtml`, `escapeHtmlAttr`, `escapeUrl`, `escapeJs` are allowed. Test is green.
 -  Type casting and php function `count()` are allowed (for example `echo (int)$var`, `(bool)$var`, `count($var)`). Test is green.