You mention pages being tagged as malware, with 0% chance of being a false positive. Yet the flagged code is simply a small bit of regex commented out, which could not possibly be malware.
Note: Currently the scanner examines only the patterns in the code and doesn’t take account of it being commented out.