
CmsKit - PreventXSS Enhancement #17681

Merged (5 commits), Sep 21, 2023

Conversation

enisn (Member) commented Sep 20, 2023

Description

Resolves #17677

The PreventXSS feature was enabled by default for all contents. It's a problem while adding JavaScript to the CMS Application and trying to call any function from that JavaScript.

Now, it doesn't work everywhere by default. It'll work on the following conditions after this PR:

  • Pages: Disabled by default.
  • Blogs: Enabled by default. (Configurable per Blog)
  • Comments: Enabled by default


Checklist

  • I fully tested it as developer / designer and created unit / integration tests
  • I documented it (or no need to document or I will create a separate documentation issue)

How to test it?

  1. Add the following script by using Global Resources:

```javascript
function sayHello(){
  alert('Hello');
}
```

  2. Create a Page or BlogPost with the following button:

```html
<button class="btn btn-primary" onclick="sayHello()">Click me</button>
```

The Page should work by default; the BlogPost shouldn't work until you disable the PreventXSS feature for the blog.
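The following is an added illustration of the per-content-type policy this PR describes (pages unsanitized by default, blog posts sanitized unless the blog setting turns it off, comments always sanitized). It is not CmsKit's code and not the sanitizer the project ships; the `ContentKind` enum, the `prevent_xss_enabled` / `render_content` names, and the allowlist are assumptions, and the stdlib-only `AllowlistSanitizer` is a stand-in a real deployment would replace with a maintained HTML sanitizer library. It reproduces the PR's own test: the `onclick="sayHello()"` button survives on a Page and loses its handler on a BlogPost or Comment.

```python
"""Per-content-type PreventXSS policy with a small allowlist HTML sanitizer.

Added illustration only: the policy names and the allowlist are assumptions,
and the sanitizer is a stdlib stand-in, not the one CmsKit uses.
"""
from enum import Enum, auto
from html import escape
from html.parser import HTMLParser
from urllib.parse import urlsplit


class ContentKind(Enum):
    PAGE = auto()
    BLOG_POST = auto()
    COMMENT = auto()


def prevent_xss_enabled(kind: ContentKind, blog_prevent_xss: bool = True) -> bool:
    """Defaults described in the PR: pages off, blogs on (per-blog setting), comments on."""
    if kind is ContentKind.PAGE:
        return False
    if kind is ContentKind.BLOG_POST:
        return blog_prevent_xss
    return True  # comments: untrusted visitors, always sanitized


# Hypothetical allowlist; tune to the markup your content actually needs.
ALLOWED_TAGS = {"p", "a", "b", "i", "em", "strong", "ul", "ol", "li", "br",
                "blockquote", "code", "pre", "h1", "h2", "h3", "button", "img"}
ALLOWED_ATTRS = {"a": {"href", "title"}, "img": {"src", "alt"}, "*": {"class"}}
VOID_TAGS = {"br", "img"}
SAFE_SCHEMES = {"http", "https", "mailto", ""}  # "" means a relative URL


def _safe_url(value: str) -> bool:
    # Browsers ignore tab/newline inside a scheme ("java\nscript:"), so drop them first.
    cleaned = "".join(ch for ch in value if ch not in "\t\n\r").strip()
    return urlsplit(cleaned).scheme.lower() in SAFE_SCHEMES


class AllowlistSanitizer(HTMLParser):
    """Re-emits only allowlisted tags/attributes; disallowed tags are dropped but
    their text kept, except <script>/<style>, whose bodies are dropped entirely."""

    def __init__(self) -> None:
        super().__init__(convert_charrefs=True)  # attr values and text arrive decoded
        self.out = []
        self._skip_depth = 0  # > 0 while inside <script>/<style>

    def handle_starttag(self, tag, attrs):
        if tag in ("script", "style"):
            self._skip_depth += 1
            return
        if self._skip_depth or tag not in ALLOWED_TAGS:
            return
        allowed = ALLOWED_ATTRS.get(tag, set()) | ALLOWED_ATTRS["*"]
        parts = [tag]
        for name, value in attrs:
            name = name.lower()
            if name.startswith("on") or name not in allowed:
                continue  # inline event handlers never survive
            if name in ("href", "src") and not _safe_url(value or ""):
                continue  # javascript:/data: URLs dropped (entity-encoded ones too)
            parts.append(f'{name}="{escape(value or "", quote=True)}"')
        self.out.append("<" + " ".join(parts) + ">")

    def handle_startendtag(self, tag, attrs):
        self.handle_starttag(tag, attrs)
        if tag not in VOID_TAGS:
            self.handle_endtag(tag)

    def handle_endtag(self, tag):
        if tag in ("script", "style"):
            self._skip_depth = max(0, self._skip_depth - 1)
            return
        if self._skip_depth or tag not in ALLOWED_TAGS or tag in VOID_TAGS:
            return
        self.out.append(f"</{tag}>")

    def handle_data(self, data):
        if not self._skip_depth:
            self.out.append(escape(data, quote=False))  # text re-escaped on output

    def handle_comment(self, data):
        pass  # HTML comments dropped


def sanitize(html: str) -> str:
    parser = AllowlistSanitizer()
    parser.feed(html)
    parser.close()
    return "".join(parser.out)


def render_content(kind: ContentKind, html: str, blog_prevent_xss: bool = True) -> str:
    """Apply the policy: sanitize only where PreventXSS is enabled for this content kind."""
    return sanitize(html) if prevent_xss_enabled(kind, blog_prevent_xss) else html


if __name__ == "__main__":
    # Constructed input: the button from the PR's "How to test it?" section.
    button = '<button class="btn btn-primary" onclick="sayHello()">Click me</button>'
    for kind in ContentKind:
        print(kind.name, "->", render_content(kind, button))
    print("BLOG_POST (PreventXSS off) ->", render_content(ContentKind.BLOG_POST, button, False))
```

Note that the policy decision and the sanitizer are separate functions on purpose: the per-blog switch only changes whether `sanitize` runs, never what it strips, so a page author who needs inline handlers gets the raw markup while comments can never carry one.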

codecov bot commented Sep 21, 2023

Codecov Report

Merging #17681 (3d8fda7) into dev (4818c55) will decrease coverage by 0.02%.
The diff coverage is 72.72%.

@@            Coverage Diff             @@
##              dev   #17681      +/-   ##
==========================================
- Coverage   53.51%   53.49%   -0.02%     
==========================================
  Files        3037     3037              
  Lines       94913    94917       +4     
==========================================
- Hits        50795    50779      -16     
- Misses      44118    44138      +20     
Files Changed | Coverage Δ
--- | ---
...ontracts/Volo/CmsKit/Contents/DefaultContentDto.cs | 0.00% <0.00%> (ø)
...sKit.Domain.Shared/Volo/CmsKit/Blogs/BlogConsts.cs | 100.00% <ø> (ø)
...msKit/GlobalFeatures/BlogPostScrollIndexFeature.cs | 100.00% <ø> (ø)
...in/Volo/CmsKit/Blogs/DefaultBlogFeatureProvider.cs | 100.00% <100.00%> (ø)

... and 2 files with indirect coverage changes


@EngincanV EngincanV merged commit 54fb416 into dev Sep 21, 2023
3 of 4 checks passed
@EngincanV EngincanV deleted the cmskit-content-rendering branch September 21, 2023 11:51
Development

Successfully merging this pull request may close issue #17677: CmsKit - Use PreventXSS only for comments
2 participants