    Fix stored XSS in TinyMCE editor (Bug #1153423) · 37172529
    Hugh Davenport authored
    
    
    This patch fixes a stored XSS in the TinyMCE editor, which could be
    reproduced where the editor was present. The input was stored which
    meant that any future collaborators could be affected by any malicious
    payload in the XSS.
    
    The patch works by escaping the defaultvalue of the wysiwyg form
    element, which is the value stored in the database.
    
    CVE 2013-1426
    
    Change-Id: Iecf5f1e520e6499db5a0f78493ce119a352b6a91
    Signed-off-by: Aaron Wells <aaronw@catalyst.net.nz>