http://feedproxy.google.com/~r/Securityweek/~3/7Ab7kv2k3Gs/restriction-bypass-xss-flaws-patched-drupal-8