Don't render raw HTML returned by the alert bag (#5475)

ref: GHSA-mgr9-6c2j-jxrq

Author: DaneEveritt

app/Models/DatabaseHost.php

@@ -62,7 +62,7 @@ class DatabaseHost extends Model
      */
     public static array $validationRules = [
         'name' => 'required|string|max:191',
-        'host' => 'required|string',
+        'host' => 'required|string|regex:/^[\w\-\.]+$/',
         'port' => 'required|numeric|between:1,65535',
         'username' => 'required|string|max:32',
         'password' => 'nullable|string',

resources/views/layouts/admin.blade.php

@@ -145,7 +145,7 @@
                             @foreach (Alert::getMessages() as $type => $messages)
                                 @foreach ($messages as $message)
                                     <div class="alert alert-{{ $type }} alert-dismissable" role="alert">
-                                        {!! $message !!}
+                                        {{ $message }}
                                     </div>
                                 @endforeach
                             @endforeach