Investigate and document how Qute can help with preventing stored XSS attacks

[sberyozkin]

Description

While the new CSRF prevention feature can help with handling reflected XSS attacks, Qute can help with getting the recorded HTML fragments sanitized via some of its customization options - it needs to be verified and documented

Implementation ideas

No response

[quarkus-bot]

/cc @mkouba

[mkouba]

For the record, for HTML and XML templates the ', ", <, > and & characters are escaped by default if a template variant is set, see https://quarkus.io/guides/qute-reference#character-escapes for more details.