diff --git a/web/api/v1/upload/UploadHandler.php b/web/api/v1/upload/UploadHandler.php
index aedd747ca..0c80e8f40 100755
--- a/web/api/v1/upload/UploadHandler.php
+++ b/web/api/v1/upload/UploadHandler.php
@@ -1191,6 +1191,13 @@ class UploadHandler
 ));
 }
 }
+ if(!headers_sent()){
+ // this is the most likely/expected path.
+ header("Content-Type: text/javascript; charset=UTF-8");
+ } else {
+ // html-encode json to prevent xss...
+ $json = htmlentities($json, ENT_QUOTES | ENT_SUBSTITUTE | ENT_DISALLOWED | ENT_HTML401);
+ }
 $this->body($json);
 }
 return $content;
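Review bot: In the `else` branch, `htmlentities()` rewrites every `"` in `$json` as `&quot;`, so a client that reaches this path receives a body that no longer parses as JSON. Escaping where `$json` is encoded (outside this hunk, presumably a `json_encode` call) with `JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT` would neutralise HTML-significant characters on both paths and keep the payload valid. In the `if` branch, `text/javascript` labels a JSON document as script; `header('Content-Type: application/json; charset=UTF-8');` followed by `header('X-Content-Type-Options: nosniff');` states the real type and stops browsers from sniffing the body as HTML. This `header()` call also replaces any Content-Type set earlier in the method, which starts and ends outside the hunk, so it is worth confirming that an earlier header is not being overridden unintentionally.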