Bug 29853: Add HTML filter before KohaSpan filter

Bug 29853: Add HTML filter before KohaSpan filter

Usage of Template Toolkit plugin KohaSpan as filter is actually :
  Group [% added.title | $KohaSpan class = 'name' | $raw %] created.

But KohaSpan filter does not escape HTML characters.
Whe should filter HTML then KohaSpan.

This patch adds TT html filter before KohaSpan.
Also replaces in Javascript html() with text()
to ensure special caracters are still encoded.
See https://api.jquery.com/text/

Test plan :
1) Create a library with name Libra'rie
2) Create a library group with name Grou'pe
3) Play with this group
4) Add library
5) Remove library
6) Edit group
7) Delete group
8) Each time check that &apos, is not interpreted as single quote

Signed-off-by: Solène Desvaux <solene.desvaux@biblibre.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit f80d9d6d78daaaa3523c962184c1314ca5613796)

Signed-off-by: Andrew Fuerste-Henry <andrew@bywatersolutions.com>