XSS vulnerabilities in Ref App 2.x

There is several pages in the RA that are vulnerable to XSS attacks, a vulnerability can be reproduced when creating a patient and the JS is specified in the surname and address fields, see https://talk.openmrs.org/t/xss-vulnerability-in-openmrs-2-x-ui/698 and several other pages under 'Configure Metadata' and 'System Administration' apps.

There is more vulnerabilities mentioned at http://packetstormsecurity.com/files/128748

Would be worth it to investigate other vulnerable areas in the UI

Acceptance Criteria

1. The page https://wiki.openmrs.org/x/h5UvAg should have a section documenting how to escape user-entered content using UiUtils.escape* methods, and examples
2. The specific vulnerability mentioned in https://talk.openmrs.org/t/xss-vulnerability-in-openmrs-2-x-ui/698 is fixed
3. A new ticket exists to go through the whole 2.x UI and clean up XSS vulnerabilities

Process Notes

We should create subtasks for (groups of) vulnerabilities, and let people fix them in parallel.