Check problems with XSS filtering

[flaix]

The XSS filter sometimes prevents legitimate actions. It seems like the XSS filter needs some rework. We need to check where and what it filters and make sure that it doesn't filter too much. We also need to check if it is still up to date and can prevent current attacks. A unit test based on OWASP should be added.

• XSS request parameter filtering magles parameters by inserting HTML character entities. #822
• Wiki style links are double-encoded #864
• Can't Filter By Topic When Using Multi-Word Topics on Tickets #1339

[flaix]

#864 turned out not to be a XSS related problem and #822 is not reproducible, so seems already fixed.
Moving this to milestone 1.10.1. I'll leave it open, since the XSS filtering may turn out to become a bigger topic.