Bug 26102: Prevent XSS when To.json is used: authorities/authorities.tt

Check that mandatory tags and subfields are correctly required when
editing an authority record.

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Owen Leonard 2020-08-11 12:34:18 +00:00 committed by Fridolin Somers
parent 97bcf926da
commit bd87a31936

@ -79,7 +79,7 @@ function AreMandatoriesNotOk(){
[% FOREACH subfield_loo IN innerloo.subfield_loop %]
[% IF ( subfield_loo.mandatory ) %]mandatories.push("[% subfield_loo.id | html %]");
tab.push("[% BIG_LOO.number | html %]");
label.push("[% To.json(subfield_loo.marc_lib) | $raw %]");
label.push("[% To.json(subfield_loo.marc_lib) | html %]");
[% END %]
[% END %]
[% END %]
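
Review bot: On the changed `label.push(...)` line, the `html` filter encodes for HTML, but the value is emitted inside a double-quoted JavaScript string in `AreMandatoriesNotOk()`, so the escaping does not match the context it lands in. If this function is rendered inside a script element, the browser will not decode entities such as `&amp;` or `&quot;` there, and a `subfield_loo.marc_lib` containing `&`, `<`, `>` or a quote will show the entity text wherever `label` is later displayed. Please test with such a label and add a short template comment saying what escaping `To.json` already provides and why `html` is layered on top of it. The commit message body is also only a test step ("Check that mandatory tags and subfields are correctly required") and never states the `$raw` to `html` change, which makes the fix harder to audit later.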