diff --git a/core/lib/Drupal/Core/Render/Element/HtmlTag.php b/core/lib/Drupal/Core/Render/Element/HtmlTag.php
index 1d27eac..033e70a 100644
--- a/core/lib/Drupal/Core/Render/Element/HtmlTag.php
+++ b/core/lib/Drupal/Core/Render/Element/HtmlTag.php
@@ -184,8 +184,9 @@ public static function preRenderConditionalComments($element) {
 $suffix = Xss::filterAdmin($suffix);
 }
- // We ensured earlier in this method that $expression, $prefix and $suffix
- // were at least admin escaped, so now calling SafeString::create() is safe.
+ // We ensured above that $expression is either a string we created or is
+ // admin XSS filtered, and that $prefix and $suffix are also admin XSS
+ // filtered if they are unsafe. Thus, all these strings are safe.
 if (!$browsers['!IE']) {
 // "downlevel-hidden".
 $element['#prefix'] = SafeString::create("\n
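Review bot: The rewritten comment above `if (!$browsers['!IE'])` no longer says why the filtering matters. The old text tied it to `SafeString::create()`, which the following line still calls on the assembled `#prefix` string, while the new last sentence only says the strings "are safe". Because that call marks the result as needing no further escaping, I would keep the link and end the comment with `// filtered if they are unsafe, so passing them to SafeString::create() is safe.` "If they are unsafe" would also read better if it named the check that decides this; that check and the handling of `$expression` sit above the hunk, where only the `$suffix` filter line is visible, so the claim cannot be confirmed from here. preRenderConditionalComments() starts and ends outside the hunk.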