Day-293 Cross-site scripting (XSS) stored in href bypasses filter using data wrapper in janeczku/calibre-web