When an upstream NS returns PTR domain names containing HTML, it is
added verbatim to the connection status table.
Prevent this issue by HTML escaping any values in the source and
destination columns.
Fixes: CVE-2021-32019
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Modern browsers allow decomposing table markup equally well as nested div
constructs, therefor migrate our <div> table markup to actual <table> tags
but keep the old table/tr/th/td CSS classes for now to allow for a smooth
theme transition.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>