Form Builder and Form Runner to sanitize all HTML input and output

[ebruchez]

• check: do we filter HTML tags in LHHA/output?

[ebruchez]

As part of #6550, we have some improved code for sanitation. But it doesn't yet run in the JS environment because we depend on TagSoup. We should migrate to something newer, which supports JVM and JS, either written in Scala or with both a JVM and a JS implementation.

[ebruchez]

There are places where the user can enter HTML via the rich text editor, or via the plain text editor and then converting to HTML. In all those places, we need to sanitize input at design-time as a first step. This includes:

• inline label and hint editors
  • when entering as HTML
  • when converting from plain text to HTML
• in dialogs, LHH
  • when converting from plain text to HTML
  • in other cases, the TinyMCE input is sanitized
• email templates
  • when converting from plain text to HTML
  • in other cases, the TinyMCE input is sanitized
• other?
• In addition, the source code editor should sanitize HTML resources that we know about.

We realize that at design-time, not everything can be caught, since some outputs can be calculated. In that case, and also to protect against bad data, bugs, etc., at runtime, any and all HTML output should be sanitized as well:

• xf:output
• LHHA
• other?