fix(xss): Ensure to use the xml_escape method on entity attributes
With a CWEntity, the json_dumps method retrieve the attributes as a jsonable dict.
But the string values are not correctly escape and it's possible to inject XSS with the CubicWeb autogenerated forms.
Related to #564
--HG-- branch : 3.37
Edited by Aurélien Lubert