fusion-form
BUGFIX: Prevent XSS attacks by converting special characters to HTML
When a Fusion form is submitted with a field that uses, for example, a regex validator, the value is included in the error message when it does not match the pattern: "The given subject did not match the pattern. Got: {value}"
If the submitted value contains valid HTML, the HTML is rendered instead of displayed as text in the error message. This introduces a potential XSS vulnerability.
To prevent this, I added String.htmlSpecialChars(...), which ensures that the value is properly escaped and displayed as expected in the error message.
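The before/after behaviour described in this PR, as an added illustration that is not part of the fusion-form project or its PR: a constructed regex validator interpolates the rejected value into the message template quoted above, once raw and once through an htmlspecialchars-style escape. Python's `html.escape` stands in for the Eel helper `String.htmlSpecialChars(...)`; the pattern, payload and function names are assumptions made for the example.

```python
import html
import re
from typing import Optional

# Constructed for this example: a pattern the payload will fail to match,
# and the error template quoted in the PR description.
PATTERN = re.compile(r"^[A-Za-z ]+$")
TEMPLATE = "The given subject did not match the pattern. Got: {value}"


def validate_unsafe(value: str) -> Optional[str]:
    """'Before' behaviour: the submitted value is interpolated verbatim.
    If the message is rendered as HTML, markup in the value is executed."""
    if PATTERN.match(value):
        return None
    return TEMPLATE.format(value=value)


def validate_escaped(value: str) -> Optional[str]:
    """'After' behaviour: the value is escaped before interpolation.
    html.escape (quote=True) is the assumed stand-in for String.htmlSpecialChars:
    & < > " ' become &amp; &lt; &gt; &quot; &#x27;."""
    if PATTERN.match(value):
        return None
    return TEMPLATE.format(value=html.escape(value, quote=True))


def contains_raw_markup(message: str) -> bool:
    """Check a reviewer can run over rendered messages: no unescaped tag delimiters."""
    return "<" in message or ">" in message


if __name__ == "__main__":
    # Constructed attacker input; it fails PATTERN and carries an event handler.
    payload = '<img src=x onerror="alert(1)">'
    print(validate_unsafe(payload))
    print(validate_escaped(payload))
```

The escaped variant is correct only because the message is emitted into an HTML context; the same value placed into an attribute via a template that already escapes, or into a plain-text log, would be double-encoded, so the escape belongs at the point where the message is rendered, which is what the PR does.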