Sanitize feature name

[eduardoborba]

The feature's name isn't escaped properly in the "Do you really want to delete" confirmation dialog. When the user clicks "Delete", the page will run the XSS from the feature name.

Example: http://localhost:9292/features/'+alert(1)+'

[eduardoborba]

hey @fl-slava @reneklacan @Bartuz,
We have tried to contact you through other forms and haven't heard back from you, so we went ahead and requested a CVE ID for this vulnerability and are planning to disclose this to the public soon. Could you please take a look at this PR and help us push the fix in the next rollout-ui version for the other users?

[nielsenramon]

We have tried to contact you through other forms and haven't heard back from you

@eduardoborba Mind if I ask how and where you contacted us? Only email we got was 4 hours ago from another company.

[Antti]

Thank you @eduardoborba !

[eduardoborba]

@nielsenramon I've tried to reach to some of the maintainers by email, using my work email. Plus the PR was open here since March. I'm glad that someone else was also pushing to get the fix accepted.

Thank you! @Antti