Merge branch 'EmailField_Validation' into 'master'

Fixes email fields validation for xss attack

See merge request !670

layouts/v7/modules/Emails/resources/MassEdit.js

@@ -281,6 +281,11 @@ jQuery.Class("Emails_MassEdit_Js",{},{
 					return { id: term, text: term };
 				}
 			},
+                        escapeMarkup: function(m) {
+                            // Do not escape HTML in the select options text
+                            m = vtUtils.stripTags(String(m),'<i><b>');
+                            return m;
+ 			}
 
 		}).on("change", function (selectedData) {
 			var addedElement = selectedData.added;

layouts/v7/modules/Vtiger/resources/Utils.js

@@ -366,6 +366,14 @@ var vtUtils = {
         jQuery(function () {
             jQuery('[data-toggle="tooltip"]').tooltip(options);
         });
+    },
+    
+    stripTags : function(string,allowed) {
+        //https://stackoverflow.com/questions/5601903/jquery-almost-equivalent-of-phps-strip-tags#answer-46483672
+        allowed = (((allowed || '') + '').toLowerCase().match(/<[a-z][a-z0-9]*>/g) || []).join('');
+        var tags = /<\/?([a-z][a-z0-9]*)\b[^>]*>/gi;
+        return string.replace(tags, function ($0, $1) {
+            return allowed.indexOf('<' + $1.toLowerCase() + '>') > -1 ? $0 : '';
+        });
     }
-
 }