⏫ Forwardport of #12639 to 2.3-develop branch

Applied pull request patch https://github.com/magento/magento2/pull/12639.patch (created by @mzeis) based on commit(s):
  1. 93ec6ea

Author: magento-engcom-team

dev/tests/static/testsuite/Magento/Test/Php/XssPhtmlTemplateTest.php

@@ -27,16 +27,14 @@ public function testXssSensitiveOutput()
              * Static test will cover the following cases:
              *
              * 1. /\* @noEscape \*\/ before output. Output doesn't require escaping. Test is green.
-             * 2. /\* @escapeNotVerified \*\/ before output. Output escaping is not checked and
-             *    should be verified. Test is green.
-             * 3. Methods which contains "html" in their names (e.g. echo $object->{suffix}Html{postfix}() ).
+             * 2. Methods which contains "html" in their names (e.g. echo $object->{suffix}Html{postfix}() ).
              *    Data is ready for the HTML output. Test is green.
-             * 4. AbstractBlock methods escapeHtml, escapeUrl, escapeQuote, escapeXssInUrl are allowed. Test is green.
-             * 5. Type casting and php function count() are allowed
+             * 3. AbstractBlock methods escapeHtml, escapeUrl, escapeQuote, escapeXssInUrl are allowed. Test is green.
+             * 4. Type casting and php function count() are allowed
              *    (e.g. echo (int)$var, echo (float)$var, echo (bool)$var, echo count($var)). Test is green.
-             * 6. Output in single quotes (e.g. echo 'some text'). Test is green.
-             * 7. Output in double quotes without variables (e.g. echo "some text"). Test is green.
-             * 8. Other of p.1-7. Output is not escaped. Test is red.
+             * 5. Output in single quotes (e.g. echo 'some text'). Test is green.
+             * 6. Output in double quotes without variables (e.g. echo "some text"). Test is green.
+             * 7. Other of p.1-6. Output is not escaped. Test is red.
              *
              * @param string $file
              */