[SECURITY] XSS in header link of all content elements