Defend against potential XSS attacks.

Mark Sapirorequested to merge
msapiro/hyperkitty:xss into master

fixes #506

Merge request reports