After thinking about this a little bit, I guess that the proper way to ensure that your comments are properly escaped, is by doing something like this:
$the_comment = get_comment_text(); echo '<p>' . esc_html($the_comment) . '</p>';
Instead of simply using the function like this:
Why even have these handy functions in the first place, if they aren’t properly escaped? The
comment_author(); function IS, yet this is not for some reason?
Perhaps I am missing something?