security: [event:event-timeline] Fixed XSS in the event timeline widget

As reported by fukusuket(Fukusuke Takahashi)

app/Lib/Tools/EventTimelineTool.php

@@ -97,7 +97,7 @@
                 $toPush = array(
                     'id' => $attr['id'],
                     'uuid' => $attr['uuid'],
-                    'content' => $attr['value'],
+                    'content' => h($attr['value']),
                     'event_id' => $attr['event_id'],
                     'group' => 'attribute',
                     'timestamp' => $attr['timestamp'],
@@ -114,9 +114,9 @@
                 $toPush_obj = array(
                     'id' => $obj['id'],
                     'uuid' => $obj['uuid'],
-                    'content' => $obj['name'],
+                    'content' => h($obj['name']),
                     'group' => 'object',
-                    'meta-category' => $obj['meta-category'],
+                    'meta-category' => h($obj['meta-category']),
                     'template_uuid' => $obj['template_uuid'],
                     'event_id' => $obj['event_id'],
                     'timestamp' => $obj['timestamp'],
@@ -140,8 +140,8 @@
                     $toPush_attr = array(
                         'id' => $obj_attr['id'],
                         'uuid' => $obj_attr['uuid'],
-                        'content' => $obj_attr['value'],
-                        'contentType' => $obj_attr['object_relation'],
+                        'content' => h($obj_attr['value']),
+                        'contentType' => h($obj_attr['object_relation']),
                         'event_id' => $obj_attr['event_id'],
                         'group' => 'object_attribute',
                         'timestamp' => $obj_attr['timestamp'],
@@ -206,7 +206,7 @@
                             'attribute_id' => $attributeId,
                             'id' => sprintf('%s-%s', $attributeId, $sighting['id']),
                             'uuid' => $sighting['uuid'],
-                            'content' => $attribute['value'],
+                            'content' => h($attribute['value']),
                             'event_id' => $attribute['event_id'],
                             'group' => $group,
                             'timestamp' => $attribute['timestamp'],
@@ -235,7 +235,7 @@
                             'attribute_id' => $attributeId,
                             'id' => sprintf('%s-%s', $attributeId, $sighting['id']),
                             'uuid' => $sighting['uuid'],
-                            'content' => $attribute['value'],
+                            'content' => h($attribute['value']),
                             'event_id' => $attribute['event_id'],
                             'group' => 'sighting_positive',
                             'timestamp' => $attribute['timestamp'],
@@ -255,7 +255,7 @@
                                 'attribute_id' => $attributeId,
                                 'id' => sprintf('%s-%s', $attributeId, $sighting['id']),
                                 'uuid' => $fpSighting['uuid'],
-                                'content' => $attribute['value'],
+                                'content' => h($attribute['value']),
                                 'event_id' => $attribute['event_id'],
                                 'group' => 'sighting_negative',
                                 'timestamp' => $attribute['timestamp'],
@@ -279,7 +279,7 @@
                                 'attribute_id' => $attributeId,
                                 'id' => sprintf('%s-%s', $attributeId, $sighting['id']),
                                 'uuid' => $fpSighting['uuid'],
-                                'content' => $attribute['value'],
+                                'content' => h($attribute['value']),
                                 'event_id' => $attribute['event_id'],
                                 'group' => 'sighting_negative',
                                 'timestamp' => $attribute['timestamp'],