cleodora
Reconsider XSS escaping before saving in the DB
Currently it leads to things like this in the GUI I haven't even started.
The following article also makes good points, in particular that every data receiver requires a different kind of escaping (HTML, JS, Shell, ...), so it should be the responsibility of that receiver to do it. I assume (but need to test!) that React does this correctly, therefore making escaping the HTML before storing in the DB unnecessary.
https://lukeplant.me.uk/blog/posts/why-escape-on-input-is-a-bad-idea/
https://stackoverflow.com/questions/33644499/what-does-it-mean-when-they-say-react-is-xss-protected