fix(xss): Fixed XSS security bug (#1929)

* Fixed XSS bug

set Content-Type response header as text/plain rather than default text/html

* Update index.ts

Author: r0hanSH

packages/express/src/index.ts

@@ -38,7 +38,10 @@ nivo.get('/r/:id', (req, res) => {
 
     const config = storage.get(req.params.id)
     if (!config) {
-        return res.status(404).send(`no chart found for id "${id}"`)
+        return res
+            .set('Content-Type', 'text/plain')
+            .status(404)
+            .send(`no chart found for id "${id}"`)
     }
 
     // @ts-ignore