[SECURITY] Remove possible XSS from ActionController Error output
The errorAction method in the ActionController base class of Flow
returns error messages without properly encoding them. Because these
error messages can contain user input, this could lead to a Cross-Site
Scripting vulnerability in Flow driven applications.
The offending output has been removed without substitution.
Hint: If you have customized the error action in your Flow application,
we advise you to check that the error messages returned in these actions
only contain static strings and are not derived from any kind of user
input. If you are not sure whether your code is fine in that regard,
feel free to ask on a public mailing list or the forum.
Releases: master, 2.1, 2.0, 1.1