fixing minor security issues

app-code/api/account/update_passkey.php

@@ -10,6 +10,11 @@ secure_session_start();
 require_same_origin_request();
 require_csrf_token();
 
+function print_json_response($data): void
+{
+    print(htmlentities(json_encode($data, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT), ENT_NOQUOTES, 'UTF-8'));
+}
+
 // Assuming you've already established a database connection here
 include "../../config/config.php";
 $conn = new mysqli($DB_SERVERNAME, $DB_USERNAME, $DB_PASSWORD,$DB_DATABASE);
@@ -104,7 +109,7 @@ try {
         $createArgs = $WebAuthn->getCreateArgs(\hex2bin($userId), $userName, $userDisplayName, 60*4, $requireResidentKey, $userVerification, $crossPlatformAttachment);
 
         header('Content-Type: application/json');
-        print(json_encode($createArgs));
+        print_json_response($createArgs);
 
         // save challange to session. you have to deliver it to processGet later.
         $_SESSION['challenge'] = $WebAuthn->getChallenge();
@@ -138,7 +143,7 @@ try {
         $getArgs = $WebAuthn->getGetArgs($ids, 60*4, $typeUsb, $typeNfc, $typeBle, $typeHyb, $typeInt, $userVerification);
 
         header('Content-Type: application/json');
-        print(json_encode($getArgs));
+        print_json_response($getArgs);
 
         // save challange to session. you have to deliver it to processGet later.
         $_SESSION['challenge'] = $WebAuthn->getChallenge();