[Vuln] v-html in CharacterToken
Summary
The v-html tag in CharacterToken introduces a cross-site scripting vulnerability.
Steps to reproduce
If a user sets the icon of a token to a string like "" instead of a Unicode icon, this script will be executed in another user's browser.
Possible fixes
html\src\components\character\CharacterToken.vue:3
See also html\src\components\common\IconSelector\IconSelector.vue:13
Cause (Fill out after fix)
Choose one or more:
- Work was rushed
- Plan Incomplete
- Insufficient Tests
- Missed in Review
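One way to close the hole described under Steps to reproduce, as an added example that is not the project's code: validate the stored icon against an allowlist and escape it before it reaches the page, which is what Vue's `{{ }}` interpolation or `v-text` does in place of `v-html`. The function names, the 8-code-point limit, the fallback glyph and the sample values are assumptions.

```javascript
// Added example: hypothetical helpers, not code from the project.
'use strict';

// Assumption: 8 code points leaves room for a ZWJ emoji sequence.
const MAX_ICON_CODE_POINTS = 8;

const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Escape the characters that let text turn into markup. Text interpolation
// and v-text give this for free; v-html skips it.
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Allowlist check for an icon value, meant to run wherever the value is
// accepted (ideally server-side too, since client checks can be bypassed).
function isValidIcon(value) {
  if (typeof value !== 'string') return false;
  const count = Array.from(value).length; // code points, not UTF-16 units
  if (count === 0 || count > MAX_ICON_CODE_POINTS) return false;
  if (/[&<>"'`=\/\\]/.test(value)) return false; // markup and attribute characters
  if (/[\p{Cc}\p{Z}]/u.test(value)) return false; // control characters, separators
  return true;
}

// Value to hand to the template: a validated icon or a fallback, escaped
// either way so a later change to the allowlist cannot reintroduce markup.
function renderIcon(value, fallback = '?') {
  return escapeHtml(isValidIcon(value) ? value : fallback);
}

// Constructed sample values: a single glyph, a ZWJ emoji sequence,
// a markup-bearing string, and an empty string.
const SAMPLE_ICONS = ['\u2694', '\u{1F468}\u200D\u{1F469}\u200D\u{1F467}', '<b>x</b>', ''];

function checkSamples() {
  return SAMPLE_ICONS.map((icon) => isValidIcon(icon));
}
```
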