diff --git a/test/data/mock.php b/test/data/mock.php
index 24302e6bc..2e90de6d3 100644
--- a/test/data/mock.php
+++ b/test/data/mock.php
@@ -1,7 +1,12 @@
 <?php
+
 /**
  * Keep in sync with /test/middleware-mockserver.js
  */
+function cleanCallback( $callback ) {
+	return preg_replace( '/[^a-z0-9_]/i', '', $callback );
+}
+
 class MockServer {
 	protected function contentType( $req ) {
 		$type = $req->query['contentType'];
@@ -65,7 +70,8 @@ class MockServer {
 				array_values( $req->headers )
 			);
 
-			echo $req->query['callback'] . "(" . json_encode( [ 'headers' => $headers ] ) . ")";
+			echo cleanCallback( $req->query['callback'] ) .
+				"(" . json_encode( [ 'headers' => $headers ] ) . ")";
 		} else {
 			echo 'QUnit.assert.ok( true, "mock executed" );';
 		}
@@ -105,17 +111,17 @@ QUnit.assert.ok( true, "mock executed");';
 		} else {
 			$callback = $_POST['callback'];
 		}
-		if ( isset( $req->query['array'] ) ) {
-			echo $callback . '([ {"name": "John", "age": 21}, {"name": "Peter", "age": 25 } ])';
-		} else {
-			echo $callback . '({ "data": {"lang": "en", "length": 25} })';
-		}
+		$json = isset( $req->query['array'] ) ?
+			'[ { "name": "John", "age": 21 }, { "name": "Peter", "age": 25 } ]' :
+			'{ "data": { "lang": "en", "length": 25 } }';
+		echo cleanCallback( $callback ) . '(' . $json . ')';
 	}
 
 	protected function xmlOverJsonp( $req ) {
 		$callback = $_REQUEST['callback'];
+		$cleanCallback = cleanCallback( $callback );
 		$text = json_encode( file_get_contents( __DIR__ . '/with_fries.xml' ) );
-		echo "$callback($text)\n";
+		echo "$cleanCallback($text)\n";
 	}
 
 	protected function error( $req ) {
@@ -243,7 +249,7 @@ QUnit.assert.ok( true, "mock executed");';
 		}
 		if ( isset( $req->query['callback'] ) ) {
 			$callback = $req->query['callback'];
-			echo $callback . '( {"status": 404, "msg": "Not Found"} )';
+			echo cleanCallback( $callback ) . '( {"status": 404, "msg": "Not Found"} )';
 		} else {
 			echo 'QUnit.assert.ok( false, "Mock return erroneously executed" );';
 		}
diff --git a/test/middleware-mockserver.js b/test/middleware-mockserver.js
index 165d33187..04b01d652 100644
--- a/test/middleware-mockserver.js
+++ b/test/middleware-mockserver.js
@@ -7,6 +7,10 @@ var cspLog = "";
 /**
  * Keep in sync with /test/mock.php
  */
+function cleanCallback( callback ) {
+	return callback.replace( /[^a-z0-9_]/gi, "" );
+}
+
 var mocks = {
 	contentType: function( req, resp ) {
 		resp.writeHead( 200, {
@@ -73,7 +77,7 @@ var mocks = {
 		}
 
 		if ( req.query.callback ) {
-			resp.end( req.query.callback + "(" + JSON.stringify( {
+			resp.end( cleanCallback( req.query.callback ) + "(" + JSON.stringify( {
 				headers: req.headers
 			} ) + ")" );
 		} else {
@@ -126,14 +130,14 @@ var mocks = {
 				{ data: { lang: "en", length: 25 } }
 			);
 		callback.then( function( cb ) {
-			resp.end( cb + "(" + json + ")" );
+			resp.end( cleanCallback( cb ) + "(" + json + ")" );
 		}, next );
 	},
 	xmlOverJsonp: function( req, resp ) {
 		var callback = req.query.callback;
 		var body = fs.readFileSync( __dirname + "/data/with_fries.xml" ).toString();
 		resp.writeHead( 200 );
-		resp.end( callback + "(" + JSON.stringify( body ) + ")\n" );
+		resp.end( cleanCallback( callback ) + "(" + JSON.stringify( body ) + ")\n" );
 	},
 	error: function( req, resp ) {
 		if ( req.query.json ) {
@@ -256,10 +260,11 @@ var mocks = {
 		if ( req.query.withScriptContentType ) {
 			resp.writeHead( 404, { "Content-Type": "application/javascript" } );
 		} else {
-			resp.writeHead( 404 );
+			resp.writeHead( 404, { "Content-Type": "text/html; charset=UTF-8" } );
 		}
 		if ( req.query.callback ) {
-			resp.end( req.query.callback + "( {\"status\": 404, \"msg\": \"Not Found\"} )" );
+			resp.end( cleanCallback( req.query.callback ) +
+				"( {\"status\": 404, \"msg\": \"Not Found\"} )" );
 		} else {
 			resp.end( "QUnit.assert.ok( false, \"Mock return erroneously executed\" );" );
 		}