diff --git a/core/modules/file/file.module b/core/modules/file/file.module
index 7f962abe7ba..b4a48d74028 100644
--- a/core/modules/file/file.module
+++ b/core/modules/file/file.module
@@ -1002,11 +1002,10 @@ function _file_save_upload_single(\SplFileInfo $file_info, $form_field_name, $va
 // rename filename.php.foo and filename.php to filename.php_.foo_.txt and
 // filename.php_.txt, respectively).
 if (preg_match(FILE_INSECURE_EXTENSION_REGEX, $file->getFilename())) {
- // If there is no file extension validation at all, or allows the 'txt'
- // extension and the file would otherwise pass validation, rename it. If
- // the file will be rejected anyway due to a disallowed extension, it
- // should not be renamed; rather, let file_validate_extensions() reject it
- // below.
+ // If there is no file extension validation at all, or .txt is considered
+ // a valid extension and the file would otherwise pass validation, rename
+ // it. If the file will be rejected due extension validation, it should
+ // not be renamed; rather, let file_validate_extensions() reject it below.
 if (!isset($validators['file_validate_extensions']) || (preg_match('/\btxt\b/', $extensions) && empty(file_validate_extensions($file, $extensions)))) {
 $file->setMimeType('text/plain');
 $filename = $file->getFilename();
diff --git a/core/modules/file/file.post_update.php b/core/modules/file/file.post_update.php
index 2f30a84ec9a..707bb4e6b2e 100644
--- a/core/modules/file/file.post_update.php
+++ b/core/modules/file/file.post_update.php
@@ -27,7 +27,7 @@ function file_post_update_add_txt_if_allows_insecure_extensions(&$sandbox = NULL
 return FALSE;
 }
 foreach ($allowed_extensions as $extension) {
- // If any insecure extension is allowed, add the 'txt' extension.
+ // Allow .txt if an insecure extension is allowed.
 if (preg_match(FILE_INSECURE_EXTENSION_REGEX, 'test.' . $extension)) {
 $allowed_extensions_string .= ' txt';
 $field->setSetting('file_extensions', $allowed_extensions_string);
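Review bot: The rewritten comment's third line, `// it. If the file will be rejected due extension validation, it should`, drops a word and should read `due to extension validation`. The rest of the rewording matches the condition below it, which only renames when `txt` appears in `$extensions` and `file_validate_extensions()` returns an empty result. `_file_save_upload_single()` begins and continues outside this hunk.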
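Review bot: The new comment `// Allow .txt if an insecure extension is allowed.` states what the loop does but not why `txt` specifically is appended, which a reader of a post-update has no way to reconstruct without opening file.module. Suggest `// Append 'txt' so that _file_save_upload_single() can take its rename path for insecure uploads, which is gated on 'txt' being in the field's allowed extensions.` The foreach body continues past the end of the hunk, so whether the loop stops after the first insecure match is not visible here.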
diff --git a/core/modules/file/tests/src/Functional/FileFieldWidgetTest.php b/core/modules/file/tests/src/Functional/FileFieldWidgetTest.php
index af8000dcc15..3162afe3d80 100644
--- a/core/modules/file/tests/src/Functional/FileFieldWidgetTest.php
+++ b/core/modules/file/tests/src/Functional/FileFieldWidgetTest.php
@@ -483,7 +483,7 @@ public function testFileExtensionsSetting() {
 $field = FieldConfig::loadByName('node', $type_name, $field_name);
 $field_id = $field->id();
- // By default allowing .php files without txt is not permitted.
+ // By default allowing .php files without .txt is not permitted.
 $this->drupalGet("admin/structure/types/manage/$type_name/fields/$field_id");
 $edit = ['settings[file_extensions]' => 'jpg php'];
 $this->submitForm($edit, 'Save settings');
diff --git a/core/modules/jsonapi/tests/src/Functional/FileUploadTest.php b/core/modules/jsonapi/tests/src/Functional/FileUploadTest.php
index 1f84f9d298f..39299b4a54a 100644
--- a/core/modules/jsonapi/tests/src/Functional/FileUploadTest.php
+++ b/core/modules/jsonapi/tests/src/Functional/FileUploadTest.php
@@ -696,8 +696,8 @@ public function testFileUploadMaliciousExtension() {
 $this->assertResponseData($expected, $response);
 $this->assertFileExists('public://foobar/example_6.cgi_.png_.txt');
- // Add php as an allowed format without txt. Allow insecure uploads still
- // being FALSE should not allow this.
+ // Add .php as an allowed extension without .txt. Since insecure uploads are
+ // are not allowed, .php files will be rejected.
 $this->field->setSetting('file_extensions', 'php')->save();
 $this->rebuildAll();
diff --git a/core/modules/rest/tests/src/Functional/FileUploadResourceTestBase.php b/core/modules/rest/tests/src/Functional/FileUploadResourceTestBase.php
index 3bbc392afd9..dea1d2e0640 100644
--- a/core/modules/rest/tests/src/Functional/FileUploadResourceTestBase.php
+++ b/core/modules/rest/tests/src/Functional/FileUploadResourceTestBase.php
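Review bot: The new two-line comment in the jsonapi FileUploadTest.php hunk duplicates a word across the line break: `// Add .php as an allowed extension without .txt. Since insecure uploads are` is followed by `// are not allowed, .php files will be rejected.`, so the leading `are` on the second line should be dropped. The identical comment, with the same duplication, is added in the FileUploadResourceTestBase.php hunk at `@@ -592,8 +592,8 @@` and needs the same fix. `testFileUploadMaliciousExtension()` begins and continues outside the hunk in both files.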
@@ -592,8 +592,8 @@ public function testFileUploadMaliciousExtension() {
 $this->assertResponseData($expected, $response);
 $this->assertFileExists('public://foobar/example_6.cgi_.png_.txt');
- // Add php as an allowed format without txt. Allow insecure uploads still
- // being FALSE should not allow this.
+ // Add .php as an allowed extension without .txt. Since insecure uploads are
+ // are not allowed, .php files will be rejected.
 $this->field->setSetting('file_extensions', 'php')->save();
 $this->refreshTestStateAfterRestConfigChange();