Closing XSS Vulnerabilities
closes #476 (closed)
What does this MR do?
- closes a list of XSS vulnerabilities (see #472 (closed))
- sets Content-Type header in xhr.php and xhrapp.php to prevent the browser from interpreting response as HTML
How confident are you it won't break things if deployed?
pretty
Links to related issues
Checklist
- added a test, or explain why one is not needed/possible...
- no unrelated changes
- asked someone for a code review
- joined #foodsharing-beta channel at https://slackin.yunity.org
- added an entry to CHANGELOG.md (description, merge request link, username(s))
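
An added example, not code from this merge request or the foodsharing code base: a hypothetical PHP helper showing the kind of change described above, where an XHR endpoint declares a JSON Content-Type so the browser does not render the response as HTML. The function names, the X-Content-Type-Options header and the JSON escaping flags are assumptions, not details from the MR; the code assumes PHP 7.3 or later.

```php
<?php
declare(strict_types=1);

// Hypothetical helper for an XHR endpoint; the names are not taken from
// the project's xhr.php or xhrapp.php.

/**
 * Build the headers and body for a JSON reply. Returned as data so the
 * result can be inspected without sending anything.
 */
function buildXhrResponse(array $payload): array
{
    // Escape <, >, &, ' and " inside the JSON so the body holds no raw
    // markup even if a client ignores the declared type.
    $flags = JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT
        | JSON_THROW_ON_ERROR;

    return [
        'headers' => [
            // Without this line PHP sends its default_mimetype, text/html.
            'Content-Type: application/json; charset=utf-8',
            // Tell the browser not to sniff the body for another type.
            'X-Content-Type-Options: nosniff',
        ],
        'body' => json_encode($payload, $flags),
    ];
}

/** Send the reply: headers first, then the encoded body. */
function sendXhrResponse(array $payload): void
{
    $response = buildXhrResponse($payload);
    foreach ($response['headers'] as $line) {
        header($line);
    }
    echo $response['body'];
}

// Constructed sample: a value that contains markup. Run from the command
// line to print the headers and body that a request would receive.
if (PHP_SAPI === 'cli') {
    $response = buildXhrResponse(['msg' => '<b>hello</b> & "bye"']);
    echo implode("\n", $response['headers']), "\n\n", $response['body'], "\n";
}
```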