Task-56304 : XSS issue in chat

Before this fix, when sending a message with a mention, there is an XSS issue
This commit encode html entities in the message before adding markup related to the mention so that, the malicious html is not evaluated

application/src/main/webapp/vue-app/components/ExoChatMessageComposer.vue

@@ -340,6 +340,7 @@ export default {
     checkMention(message) {
       message = $('<div />').html(message).text();
       message = message.replace(/\s\s+/g, ' ');
+      message = this.encodeHTMLEntities(message);
       for (let i = 0; i < this.participants.length; i++) {
         if (message.includes(`@${this.participants[i].fullname}`) ){
           this.mentionedUsers.push(this.participants[i].name);
@@ -352,6 +353,11 @@ export default {
       this.mentionedUsers = [];
       return message;
     },
+    encodeHTMLEntities(text) {
+      const textArea = document.createElement('p');
+      textArea.innerText = text;
+      return textArea.innerHTML;
+    },
     paste(e) {
       // consider the first item (can be easily extended for multiple items)
       const item = e.clipboardData.items[0];
@@ -367,11 +373,11 @@ export default {
         // cancel paste
         e.preventDefault();
         // get text representation of clipboard
-        this.text = (e.originalEvent || e).clipboardData.getData('text/plain');
+        this.text = this.encodeHTMLEntities((e.originalEvent || e).clipboardData.getData('text/plain'));
         // insert text manually
         $(this.$refs.messageComposerArea).insertAtCaret(this.text);
       }
     },
   }
 };
-</script>
+</script>