Merge branch 'develop' into 1.9

# Conflicts:
#	languages/en.yaml
#	themes/grav/css-compiled/preset.css
#	themes/grav/css-compiled/preset.css.map
#	themes/grav/js/admin.min.js
#	themes/grav/js/vendor.min.js
#	themes/grav/scss/preset.scss

classes/admincontroller.php

@@ -611,6 +611,8 @@ class AdminController extends AdminBaseController
         $reorder = true;
         $data    = (array)$this->data;
 
+        $this->grav['twig']->twig_vars['current_form_data'] = $data;
+
         // Special handler for user data.
         if ($this->view === 'user') {
             if (!$this->grav['user']->exists()) {
@@ -645,10 +647,20 @@ class AdminController extends AdminBaseController
             // Ensure route is prefixed with a forward slash.
             $route = '/' . ltrim($route, '/');
 
+            // XSS Checks for page content
+            $xss_whitelist = $this->grav['config']->get('security.xss_whitelist', 'admin.super');
+            if (!$this->admin->authorize($xss_whitelist)) {
+                if ($issue = Utils::detectXss($data['content'])) {
+                    $this->admin->setMessage(sprintf($this->admin->translate('PLUGIN_ADMIN.XSS_ISSUE'), $issue),
+                        'error');
+                    return false;
+                }
+            }
+
+            // Check for valid frontmatter
             if (isset($data['frontmatter']) && !$this->checkValidFrontmatter($data['frontmatter'])) {
                 $this->admin->setMessage($this->admin->translate('PLUGIN_ADMIN.INVALID_FRONTMATTER_COULD_NOT_SAVE'),
                     'error');
-
                 return false;
             }