Ability to escape validation messages

[bytestream]

I spoke to @torrentalle about this a while ago. If you inject database values into validation messages then you can leave leave yourself open to XSS attacks, for example consider custom field usage.

This adds a new escape configuration option that will run htmlentities on all validation messages. By default it's turn offed for backwards compatibility...

[bytestream]

@torrentalle @antonkomarev @drjoju

Can any of you access the StyleCI account linked to this repository? StyleCI team are advising that in-app settings are overriding the .style-ci.yml file so essentially that file is useless.

https://twitter.com/TeamStyleCI/status/1191738162315505665

[antonkomarev]

I've tried to fix StyleCI somehow and even wrote to StyleCI staff for helping me to fix that, but only @torrentalle has access to it.

[bytestream]

@drjoju sorry to ping, but while you're active would you mind looking at this comment? #329 (comment) maybe you have permission to edit the account...