Test for unsafe input fields in web UI against XSS

[plenaerts]

Description

Try to prevent GHSA-3gxm-wfjx-m847 from happening again.

This test verifies that the Underscore.js templates in index.html use
the escaping syntax (<%- %) instead of the non-escaping syntax (<%= %).

To Do

• Changelog.

[github-actions]

Thank you for the PR! The changelog has not been updated, so here is a friendly reminder to check if you need to add an entry.

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 72.45%. Comparing base (611a19a) to head (ae084c2).

Additional details and impacted files

@@           Coverage Diff           @@
##           master    #6639   +/-   ##
=======================================
  Coverage   72.44%   72.45%           
=======================================
  Files         161      161           
  Lines       20710    20710           
  Branches     3276     3276           
=======================================
+ Hits        15004    15005    +1     
+ Misses       4980     4979    -1     
  Partials      726      726           

see 1 file with indirect coverage changes

🚀 New features to boost your workflow:

• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.