
Security fixes / Preview fix #455

Merged
skerbis merged 5 commits into main from security_fixes on Jan 29, 2026


Conversation

@skerbis (Member) commented Jan 29, 2026

No description provided.

Copilot AI review requested due to automatic review settings January 29, 2026 18:29
Copilot AI (Contributor) left a comment

Pull request overview

This PR addresses critical security vulnerabilities and fixes several bugs in the REDAXO Consent Manager addon. The changes focus on improving XSS protection through proper JSON encoding, fixing a method call error in fragment rendering, and sanitizing user inputs.

Changes:

  • Security improvements: Input sanitization for URL parameters and proper JSON encoding with security flags to prevent XSS attacks
  • Bug fix: Corrected fragment method call from subparse() to parse() to fix undefined method error
  • Cleanup: Removed obsolete Namespace-Guide.md documentation file

Reviewed changes

Copilot reviewed 5 out of 6 changed files in this pull request and generated 2 comments.

Summary per file:

  • package.yml: Version bump from 5.3.2 to 5.3.3
  • lib/Frontend.php: Added input sanitization for cid and v parameters; replaced manual string escaping with json_encode using security flags (JSON_HEX_TAG, JSON_HEX_APOS, JSON_HEX_AMP, JSON_HEX_QUOT) in both outputJavascript() and getJS() methods
  • fragments/ConsentManager/box.php: Fixed undefined method error by changing from subparse() to parse()
  • CHANGELOG.md: Added version 5.3.3 changelog entry documenting security fixes and bug fixes
  • Namespace-Guide.md: Removed obsolete migration guide for version 5.0 namespace changes

Comment on lines 262 to 263
$boxtemplate = str_replace("\r", '', $boxtemplate);
$boxtemplate = str_replace("\n", ' ', $boxtemplate);
Copilot AI Jan 29, 2026

The newline and carriage return replacements (lines 262-263) are now redundant since json_encode will properly handle these characters. The getJS() method correctly removed these lines, but outputJavascript() still includes them. While not harmful, these lines should be removed for consistency with the getJS() method and to avoid unnecessary processing since json_encode already handles newlines correctly.

Suggested change (delete these lines):
$boxtemplate = str_replace("\r", '', $boxtemplate);
$boxtemplate = str_replace("\n", ' ', $boxtemplate);
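The review above hinges on one point: a template inlined into a script block must be emitted as a JavaScript string literal that cannot break out of the string or out of the <script> element, and json_encode with the JSON_HEX_* flags does that (newline handling included, which is why the str_replace lines become redundant). The following is an added example written for this page, not code from the REDAXO Consent Manager addon; the "manual" function is a constructed stand-in for hand-rolled escaping, the sample template is constructed, and the function names are assumptions. Only the flag set matches what the PR description names.

```php
<?php
// Added example, not the addon's code. Compares a constructed hand-rolled
// escaping routine with json_encode + security flags for inlining a template
// into a <script> block.

// Constructed sample: a consent box template that contains every character
// class that matters when the value lands inside a JS string inside HTML.
$boxtemplate = "<div class=\"consent\">\n  Cookies? </script><script>alert('x')</script>\r\n</div>";

// Constructed stand-in for manual escaping: strip newlines, escape single
// quotes, wrap in quotes. It keeps the JS string intact but leaves a raw
// "</script>" in the output, which the HTML parser honours regardless of
// JS quoting, so the rest of the template becomes live markup.
function inlineManual(string $tpl): string
{
    $tpl = str_replace("\r", '', $tpl);
    $tpl = str_replace("\n", ' ', $tpl);
    $tpl = str_replace("'", "\\'", $tpl);
    return "var boxtemplate = '" . $tpl . "';";
}

// Approach the PR adopts: json_encode with the JSON_HEX_* flags. <, >, &, '
// and " are emitted as \uXXXX escapes, "/" as "\/", and CR/LF as \r and \n.
// Nothing in the result can close the <script> element or the string literal,
// and the template round-trips to its exact original bytes in the browser.
function inlineJson(string $tpl): string
{
    $flags = JSON_HEX_TAG | JSON_HEX_APOS | JSON_HEX_AMP | JSON_HEX_QUOT;
    $encoded = json_encode($tpl, $flags | JSON_THROW_ON_ERROR);
    return 'var boxtemplate = ' . $encoded . ';';
}

// True when the emitted script text still contains a raw closing tag, i.e.
// when an HTML parser would terminate the script early.
function leaksClosingTag(string $script): bool
{
    return stripos($script, '</script') !== false;
}

echo inlineManual($boxtemplate), PHP_EOL;
echo inlineJson($boxtemplate), PHP_EOL;
echo 'manual leaks </script>: ', var_export(leaksClosingTag(inlineManual($boxtemplate)), true), PHP_EOL;
echo 'json   leaks </script>: ', var_export(leaksClosingTag(inlineJson($boxtemplate)), true), PHP_EOL;
```

Run it with `php example.php`: the manual variant prints a line that still contains a literal `</script>` (leaks: true), while the json_encode variant prints `\u003C\/script\u003E` in its place (leaks: false) and carries the newlines as `\n`/`\r` escapes, so no pre-stripping of "\r" and "\n" is needed. The same construction applies to both outputJavascript() and getJS() in the PR.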
@skerbis skerbis merged commit 3fa20d7 into main Jan 29, 2026
11 checks passed
@skerbis skerbis deleted the security_fixes branch January 29, 2026 18:37