Merge branch '5.4' into 6.4

* 5.4:
  Fix XSS in example event dispatcher

Author: javiereguiluz

event_dispatcher.rst

@@ -41,6 +41,9 @@ The most common way to listen to an event is to register an **event listener**::
             // Customize your response object to display the exception details
             $response = new Response();
             $response->setContent($message);
+            // the exception message can contain unfiltered user input;
+            // set the content-type to text to avoid XSS issues
+            $response->headers->set('Content-Type', 'text/plain; charset=utf-8');
 
             // HttpExceptionInterface is a special type of exception that
             // holds status code and header details