As it stands, the security of json_escape is a bit misleading. Clarifying that user-generated content must still be html_escaped if being inserted into the DOM via JQuery's html() method, since this is such a common use case.
Described here: #13073 (comment)
Amended json_escape comment to clarify that user-generated content mu…
…st still be html_escaped if being inserted ingot he DOM via JQuery's html() method.