ACDEV-1158: Escape HTML error responses
Patrick Streule
Branch: ACDEV-1158-html-escape-error-responses
Branch: 0.9.x
Merged
Merged pull request
Merged in ACDEV-1158-html-escape-error-responses (pull request #43)
Merged in ACDEV-1158-html-escape-error-responses (pull request #43)
First I thought we could just change the content type for these responses to
text/plain
. But there is still a certain risk that browsers (especially older IEs) try to be smart and render the content as html.So errors keep the
text/html
content type and the returned contents are being escaped.