add user input validation

[alexskr]

Add necessary user input validation for various properties/fields in user, ontology, notes, projects, etc, in order to mitigate Cross-Site Scripting vulnerabilities.

here is an example of Persistent XSS vulnerability which will run a malicious Java script in the user's browser when they access ontoportal:

{
    "administeredBy": [
        "https://test.example.org:8443/users/haxor"
    ],
    "acronym": "BADDY",
    "name": "<input type=\"text\" value=\"jaVasCript:/*-/*`/*\\`/*'/*\"/**/(/* */oNcliCk=alert(1) )//%0D%0A%0d%0a//</stYle/</titLe/</teXtarEa/</scRipt/--!>\\x3csVg/<sVg/oNloAd=alert(2)//>\\x3e\"></input>",
    "summaryOnly": null,
    "flat": null,
    "ontologyType": "https://test.example.org:8443/ontology_types/ONTOLOGY",
    "@id": "https://test.example.org:8443/ontologies/BADDY",
    "@type": "http://data.bioontology.org/metadata/Ontology",

Most of the fields should be restricted to alphanumeric characters plus perhaps space, underscore, and dash in names/descriptions/etc of ontologies/users/notes/projects.

[syphax-bouazzouni]

Yeah totally agree on this, I think it should be implemented at the level of Goo, where each of our attribute getters always call html_escape if string.