(mvc) remove disableOutputCleansing, related to https://github.com/opnsense/core/issues/898

(cherry picked from commit 3c2aad98)

src/opnsense/mvc/app/controllers/OPNsense/Base/ApiControllerBase.php

@@ -37,21 +37,6 @@ use OPNsense\Auth\AuthenticationFactory;
  */
 class ApiControllerBase extends ControllerRoot
 {
-    /**
-     * @var bool cleanse output before sending to client, be very careful to disable this (XSS).
-     */
-    private $cleanseOutput = true;
-
-    /**
-     * disable output cleansing.
-     * Prevents the framework from executing automatic XSS protection on all delivered json data.
-     * Be very careful to disable this, if content can't be guaranteed you might introduce XSS vulnerabilities.
-     */
-    protected function disableOutputCleansing()
-    {
-        $this->cleanseOutput = false;
-    }
-
     /**
      * parse raw json type content to POST data depending on content type
      * (only for api calls)
@@ -194,11 +179,7 @@ class ApiControllerBase extends ControllerRoot
             $data = $dispatcher->getReturnedValue();
             if (is_array($data)) {
                 $this->response->setContentType('application/json', 'UTF-8');
-                if ($this->cleanseOutput) {
-                    echo htmlspecialchars(json_encode($data), ENT_NOQUOTES);
-                } else {
-                    echo json_encode($data);
-                }
+                echo htmlspecialchars(json_encode($data), ENT_NOQUOTES);
             } else {
                 // output raw data
                 echo $data;