Fix alert template creation xss (#16446)

https://github.com/librenms/librenms/security/advisories/GHSA-gcgp-q2jq-fw52

includes/html/forms/alert-templates.inc.php

@@ -91,6 +91,6 @@ try {
     $message .= $e->getMessage();
 }
 
-$response = ['status' => $status, 'message' => $message, 'newid' => $template_newid];
+$response = ['status' => htmlentities($status), 'message' => htmlentities($message), 'newid' => $template_newid];
 
 echo json_encode($response, JSON_PRETTY_PRINT | JSON_UNESCAPED_SLASHES | JSON_UNESCAPED_UNICODE);

includes/html/modal/alert_template.inc.php

@@ -201,7 +201,9 @@ function alertTemplateAjaxOps(template, name, template_id, title, title_rec, rul
                         }
                     });
                 } else {
-                    var newrow = [{id: output.newid, templatename: name, alert_rules: JSON.stringify(row_rules)}];
+
+                    var escaped_name = new Option(name).innerHTML;
+                    var newrow = [{id: output.newid, templatename: escaped_name, alert_rules: JSON.stringify(row_rules)}];
                     $('#templatetable').bootgrid("append", newrow);
                 }
             } else {