Prevent XSS in fluid viewhelpern
There are some viewhelpers which miss to escape incoming variables and cause XSS entry points.
1. Set up a TYPO3 instance with current master
2. Include "fluid_stlyed_content" in root template
3. Create a content element of type "header"
4. Set the header field to "<script>alert('header xss');</script>"
5. Open page in frontend.