diff --git a/src/gsad.c b/src/gsad.c
index 83e286854..3ee667877 100644
--- a/src/gsad.c
+++ b/src/gsad.c
@@ -163,10 +163,12 @@
"base-uri 'none'; " \
"connect-src 'self'; " \
"script-src 'self'; " \
+ "script-src-elem 'self' 'unsafe-inline';" \
"frame-ancestors 'none'; " \
"form-action 'self'; " \
"style-src-elem 'self' 'unsafe-inline'; " \
"style-src 'self' 'unsafe-inline'; " \
+ "font-src 'self';" \
"img-src 'self' blob:;"
/**
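Review bot: The added `script-src-elem 'self' 'unsafe-inline';` directive permits inline `<script>` elements, because for script elements `script-src-elem` is consulted in preference to the stricter `script-src 'self'` kept just above it. That removes most of the policy's value as a backstop against injected markup. If the front end does need an inline script, a per-response nonce or a hash source is the narrower choice; if it does not, the line should read `"script-src-elem 'self'; " \` or be dropped. Both added lines also omit the space after `;` that every other directive carries, e.g. `"font-src 'self'; " \`. The macro's opening line is outside this hunk.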
diff --git a/src/gsad_gmp.c b/src/gsad_gmp.c
index f79266a12..248a705f0 100644
--- a/src/gsad_gmp.c
+++ b/src/gsad_gmp.c
@@ -5420,7 +5420,8 @@ create_target_gmp (gvm_connection_t *connection, credentials_t *credentials,
CHECK_VARIABLE_INVALID (allow_simultaneous_ips, "Create Target");
if (comment != NULL)
- comment_element = g_strdup_printf ("%s", comment);
+ comment_element =
+ g_markup_printf_escaped ("%s", comment);
else
comment_element = g_strdup ("");
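Review bot: Nothing at this assignment says why `comment` is now escaped, and the identical change in save_target_gmp (the next hunk) is equally silent. A short comment above each one, such as `/* comment comes from the request and is placed into markup; escape it */`, would stop a later cleanup from reverting to `g_strdup_printf`. Only `comment` is treated in the visible lines, so the other request values that these two functions format into the command are worth checking for the same escaping. Those values lie outside both hunks, so this could not be confirmed here. Because the logic is duplicated, a small shared helper that builds the escaped element would keep the two call sites from drifting apart.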
@@ -6391,7 +6392,8 @@ save_target_gmp (gvm_connection_t *connection, credentials_t *credentials,
entity_t entity;
if (comment)
- comment_element = g_strdup_printf ("%s", comment);
+ comment_element =
+ g_markup_printf_escaped ("%s", comment);
else
comment_element = g_strdup ("");
diff --git a/src/gsad_http_handler.c b/src/gsad_http_handler.c
index 4e35e6629..1d0347a74 100644
--- a/src/gsad_http_handler.c
+++ b/src/gsad_http_handler.c
@@ -769,6 +769,7 @@ make_url_handlers ()
url_handler_add_func (url_handlers, "^/robots\\.txt$", handle_static_file);
url_handler_add_func (url_handlers, "^/config\\.*js$", handle_static_config);
+ url_handler_add_func (url_handlers, "^/assets/.+$", handle_static_file);
url_handler_add_func (url_handlers, "^/static/(img|js|css|media)/.+$",
handle_static_file);
url_handler_add_func (url_handlers, "^/manual/.+$", handle_static_file);
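Review bot: The new `^/assets/.+$` route matches any path below /assets/, including paths that contain `..` segments, whereas the /static/ route next to it limits the first directory to a fixed set. Whether this is safe depends on handle_static_file rejecting traversal and resolving the file under the intended directory, which is not visible in this hunk. If the assets directory is flat, a tighter pattern such as `"^/assets/[^/]+$"` limits the route to what the front end ships. Otherwise a comment on the line should state that handle_static_file performs the path check. make_url_handlers continues outside the hunk.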