Content in content fields (5xx) as well as for the names of locations in copy
count alt text was not being properly escaped, allowing for the possibility of
executing arbitrary JavaScript in the case of a malicious catalogue record
(whether edited in the system, or imported)
Signed-off-by: Dan Scott <dscott@laurentian.ca> Signed-off-by: Chris Sharp <csharp@georgialibraries.org> Signed-off-by: Galen Charlton <gmc@equinoxinitiative.org>