fix(core)!: Use CSP header to sandbox html webhooks instead of iframe (#18602)

packages/nodes-base/nodes/RespondToWebhook/RespondToWebhook.node.ts

@@ -1,6 +1,5 @@
 import jwt from 'jsonwebtoken';
 import set from 'lodash/set';
-import { isHtmlRenderedContentType, sandboxHtmlResponse } from 'n8n-core';
 import type {
 	IDataObject,
 	IExecuteFunctions,
@@ -402,9 +401,6 @@ export class RespondToWebhook implements INodeType {
 				}
 			}
 
-			const hasHtmlContentType =
-				headers['content-type'] && isHtmlRenderedContentType(headers['content-type'] as string);
-
 			let statusCode = (options.responseCode as number) || 200;
 			let responseBody: IN8nHttpResponse | Readable;
 			if (respondWith === 'json') {
@@ -480,13 +476,9 @@ export class RespondToWebhook implements INodeType {
 					this.sendChunk('end', 0);
 				}
 			} else if (respondWith === 'text') {
-				// If a user doesn't set the content-type header and uses html, the html can still be rendered on the browser
 				const rawBody = this.getNodeParameter('responseBody', 0) as string;
-				if (hasHtmlContentType || !headers['content-type']) {
-					responseBody = sandboxHtmlResponse(rawBody);
-				} else {
-					responseBody = rawBody;
-				}
+				responseBody = rawBody;
+
 				// Send the raw body to the stream
 				if (shouldStream) {
 					this.sendChunk('begin', 0);
@@ -564,15 +556,6 @@ export class RespondToWebhook implements INodeType {
 				return [[{ json: {}, sendMessage: message }]];
 			}
 
-			if (
-				hasHtmlContentType &&
-				respondWith !== 'text' &&
-				respondWith !== 'binary' &&
-				responseBody
-			) {
-				responseBody = sandboxHtmlResponse(JSON.stringify(responseBody as string));
-			}
-
 			response = {
 				body: responseBody,
 				headers,