--------------------
Bug fixes:
- Fixed stored XSS in folder contents.
From the `PloneHotfix20210518 contents fix <https://plone.org/security/hotfix/20210518/stored-xss-in-folder-contents>`_.
[maurits] (3274)
- Fixed stored XSS from user fullname and possibly other places where ``getVocabulary`` is called.
This is an alternative to the ``plone.app.users`` workaround from the `PloneHotfix20210518 fullname fix <https://plone.org/security/hotfix/20210518/stored-xss-from-user-fullname>`_.
It looks like Plone 6 is not vulnerable, but this change makes sure.
[maurits] (3274)