XSS in scaladoc search

[mpollmeier]

To trigger the XSS vulnerability, simply paste this into the search bar, e.g. on https://www.scala-lang.org/api/2.12.8/:

"\><img/src='1'onerror=alert(777111)>{{7*7}}

The fix for this is straightforward, PR coming shortly.

All credit for finding the vulnerability goes to Yeasir Arafat:
skylinearafat@gmail.com
https://www.facebook.com/skylinearafat.arafat

[SethTisue]

I'm tentatively putting this on the 2.13.0-RC2 milestone, even though the fix targets 2.12.9, because 2.13.0-RC2 will be built before 2.12.9 is. once the fix has been merged forward onto the 2.13.x branch, the milestone can be changed back to 2.12.9

[mpollmeier]

Ok. Let me know if you want me to change the target branch in scala/scala#8018.

[SethTisue]

I've put this back on the 2.12.9 milestone; as per discussion on the PR, it seems this is worth addressing, but not urgent