* Console:

- Fix several XSS issues (thx Aaron Portnoy of Exodus Intel)
  - Add Content-Security-Policy and X-XSS-Protection headers
  - Disable changing news feed URL from UI
  - Disable plugin install from UI
  - Disable setting unsigned update URL from UI
  - Disable /configadvanced
* DataHelper: Disallow \r in storeProps() (thx joernchen of Phenoelit)
* ExecNamingService: Disable (thx joernchen of Phenoelit)
* Startup: Add susimail.config to migrated files
This commit is contained in:
zzz
2014-07-26 09:32:26 +00:00
parent e9c8748c0b
commit af575d6c95
32 changed files with 124 additions and 61 deletions


@@ -57,6 +57,8 @@ public class ExecNamingService extends DummyNamingService {
*/
public ExecNamingService(I2PAppContext context) {
super(context);
// disable for now
throw new UnsupportedOperationException();
}
@Override
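Review bot: The constructor now throws unconditionally right after `super(context)`, but the Javadoc that closes on the line above the signature does not say so; add `@throws UnsupportedOperationException always, because this service is disabled` so the contract is visible in the API docs and not only at runtime. The bare `// disable for now` gives neither a reason nor a pointer, so it reads like a temporary toggle that is safe to flip back; suggest `// Disabled deliberately in commit af575d6c95; do not re-enable without a security review of how this service resolves names.` together with `throw new UnsupportedOperationException("ExecNamingService is disabled");` so the failure is attributable in logs. Because the base constructor has already run when the exception is thrown, any registration DummyNamingService performs on the context would survive the failed construction; that base class is not visible here, so worth confirming it has no such side effect. The Javadoc block preceding this hunk starts outside it.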


@@ -478,12 +478,14 @@ public class DataHelper {
String val = (String) entry.getValue();
if (name.contains("#") ||
name.contains("=") ||
name.contains("\r") ||
name.contains("\n") ||
name.startsWith(";") ||
val.contains("#") ||
val.contains("\r") ||
val.contains("\n")) {
if (iae == null)
iae = new IllegalArgumentException("Invalid character (one of \"#;=\\n\") in key or value: \"" +
iae = new IllegalArgumentException("Invalid character (one of \"#;=\\r\\n\") in key or value: \"" +
name + "\" = \"" + val + '\"');
continue;
}
@@ -1622,6 +1624,7 @@ public class DataHelper {
if (orig == null) return "";
String t1 = orig.replace('<', ' ');
String rv = t1.replace('>', ' ');
rv = rv.replace("\"", "%22");
return rv;
}