[HttpFoundation] Make JsonResponse HTML safe.

src/Symfony/Component/HttpFoundation/JsonResponse.php

@@ -82,7 +82,8 @@ class JsonResponse extends Response
             $data = new \ArrayObject();
         }
 
-        $this->data = json_encode($data);
+        // Encode <, >, ', &, and " for RFC4627-compliant JSON, which may also be embedded into HTML.
+        $this->data = json_encode($data, JSON_HEX_TAG | JSON_HEX_APOS | JSON_HEX_AMP | JSON_HEX_QUOT);
 
         return $this->update();
     }