security – Sanitizing comments or escaping comment_text()

After thinking about this a little bit, I guess that the proper way to ensure that your comments are properly escaped is by doing something like this:

$the_comment = get_comment_text();
echo '<p>' . esc_html($the_comment) . '</p>'; 

Instead of simply using the function like this:


Why even have these handy functions in the first place, if they aren’t properly escaped? The comment_author(); function IS, yet this is not for some reason?

Perhaps I am missing something?
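Added example, not part of the original post and not WordPress's own code: two ways to print a comment body from a theme, contrasting the `esc_html()` approach in the question with allow-list filtering at output time. The `mytheme_` function names are hypothetical, and the snippet assumes WordPress is loaded and a comment object or ID is passed in.

```php
<?php
// Added example; the mytheme_* names are hypothetical.
// Assumes this file is loaded by a WordPress theme (core functions available).

/**
 * Option 1: plain text only.
 * esc_html() encodes every tag, so markup WordPress lets commenters use
 * (<a>, <em>, <strong>, ...) is displayed literally instead of rendered.
 */
function mytheme_comment_text_plain( $comment ) {
	$text = get_comment_text( $comment );
	echo '<p>' . esc_html( $text ) . '</p>';
}

/**
 * Option 2: keep the comment tag allow-list, strip everything else at output.
 * This repeats on display the kind of KSES filtering WordPress applies when a
 * comment is saved, so rows written to the database by another path
 * (imports, plugins, direct edits) are still filtered before they reach the page.
 */
function mytheme_comment_text_kses( $comment ) {
	$text = get_comment_text( $comment );

	// 'pre_comment_content' is the context name in effect when WordPress
	// filters comment content on save; it resolves to the comment allow-list.
	$allowed = wp_kses_allowed_html( 'pre_comment_content' );

	// Tags and attributes outside the allow-list are removed, not encoded.
	$clean = wp_kses( $text, $allowed );

	// Turn line breaks into paragraphs.
	echo wpautop( $clean );
}
```

Option 1 is the stricter choice when commenters should never produce markup; Option 2 keeps permitted formatting while still refusing tags such as `<script>`.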