Fix syntax in escaping comment

src/pages/development/security/cross-site-scripting.md

@@ -192,8 +192,8 @@ To check your .phtml template for XSS vulnerabilities, use the _Magento2.Securit
 This sniff finds all _echo_ calls in PHTML-templates and determines if the output is properly escaped.
 It covers the following cases:
 
--  `/_ @noEscape _/` before output. Output does not require escaping. Test is green.
--  `/_ @escapeNotVerified _/` before output. Output escaping is not checked and should be verified. Test is green.
+-  `/* @noEscape */` before output. Output does not require escaping. Test is green.
+-  `/* @escapeNotVerified */` before output. Output escaping is not checked and should be verified. Test is green.
 -  Methods which contain "html" in their names (for example echo $object->{suffix}Html{postfix}()). Data is ready for the HTML output. Test is green.
 -  AbstractBlock methods `escapeHtml`, `escapeHtmlAttr`, `escapeUrl`, `escapeJs` are allowed. Test is green.
 -  Type casting and php function `count()` are allowed (for example `echo (int)$var`, `(bool)$var`, `count($var)`). Test is green.