*SVN* * Don't call evalResponse() when an Ajax response has no Content-type header. Closes #7827. [Tobie Langel] * Automatically strip security delimiter comments from JSON strings before evaling them. The default delimiter is '/*-secure- ... */' or you can specify your own with the Prototype.JSONFilter regular expression. If you wrap your JSON response bodies in this delimiter on the server side, rogue external sites can't hijack potentially sensitive data via