Sanitize all HTML before displaying it

briar-android/src/main/java/org/briarproject/briar/android/util/UiUtils.java

@@ -22,6 +22,7 @@ import org.briarproject.bramble.api.contact.ContactId;
 import org.briarproject.briar.R;
 import org.briarproject.briar.android.view.ArticleMovementMethod;
 import org.briarproject.briar.android.widget.LinkDialogFragment;
+import org.briarproject.briar.util.HtmlUtils;
 
 import static android.text.format.DateUtils.DAY_IN_MILLIS;
 import static android.text.format.DateUtils.FORMAT_ABBREV_MONTH;
@@ -30,6 +31,7 @@ import static android.text.format.DateUtils.FORMAT_ABBREV_TIME;
 import static android.text.format.DateUtils.FORMAT_SHOW_DATE;
 import static android.text.format.DateUtils.MINUTE_IN_MILLIS;
 import static android.text.format.DateUtils.WEEK_IN_MILLIS;
+import static org.briarproject.briar.util.HtmlUtils.ARTICLE;
 
 public class UiUtils {
 
@@ -85,7 +87,7 @@ public class UiUtils {
 	}
 
 	public static Spanned getSpanned(String s) {
-		return Html.fromHtml(s);
+		return Html.fromHtml(HtmlUtils.clean(s, ARTICLE));
 	}
 
 	public static void makeLinksClickable(TextView v) {