Fix XSS vulnerability in tag search

[ArthurHoaro]

It affects the title tag of the bookmark list page.

Fixes #2038

[nodiscc]

Thanks! Beat me to it

There is still the problem of #2029 which causes PHP 8.1/8.2 tests to fail... but Shaarli's Docker image is based on alpine 3.16.7 which has PHP 8.0.30 which is not affected. So it should be fine to release as-is.

However PHP8.0 security supports ends in 3 days so it would be good to update to alpine 3.17 (PHP 8.1.22, not affected either).

[ArthurHoaro]

Yes good call, I'll bump Alpine's version.
When this breaking change "bug" is resolved, I don't see any reason to not use the latest version also.

Also, I'm not really aware of what's in master since the previous release. Should I release a 0.12.3 or a 0.13.0?

[nodiscc]

v0.12.2...shaarli:Shaarli:master

These are mostly bugfixes, minor config tweaks, build/CI improvements, and documentation updates, 0.12.3 should be fine. The only commit that might warrant a 0.13.0 is c44a0d2 because that's technically a new feature. But we're not following semantic versioning to the letter so I'd still go for 0.12.3.

[nodiscc]

When this breaking change "bug" is resolved, I don't see any reason to not use the latest version also.

I'll restart working on #2019 (update base image to alpine 3.18) for the next release.

[ArthurHoaro]

The error you had in #2019 seems to happen with Alpine 3.17 as well. I'm going to revert the change and we can upgrade later on, with a next minor release.

#13 1.063 ERROR: unable to select packages:
#13 1.063   php8 (no such package):
#13 1.063     required by: world[php8]
[...]

[nodiscc]

Yes, alpine 3.17 changes PHP package names from php8-* to php81-* (https://pkgs.alpinelinux.org/packages?name=php8*&branch=v3.17&repo=&arch=&maintainer=).

No problem, let's revert the change, I'll look into it.