Improve HTML sanitization on messages

[steveyken]

Chat messages have HTML sanitization to prevent js injection attacks.

However, we want to be able to display some HTML tags such as links and twilio audio.

There is some link detection in

admin.goodcity/app/models/message.js

Lines 27 to 54 in 9f4c325

	parsedBody: Ember.computed("body", function() {
	let body = this.get("body");
	body = body.replace(/(<br>)/gm, "\n");
	body = body.replace(/(<)/g, "&lt;");
	let hrefExpressionMatch = body.match(
	/\&lt;a href=(.*?)\>(.*?)\&lt;\/a\s*?\>/
	);
	if (hrefExpressionMatch) {
	body = this.sanitizingAnchorLinks(body, hrefExpressionMatch);
	}
	return body;
	}),
	sanitizingAnchorLinks(body, hrefExpressionMatch) {
	let originalLink = hrefExpressionMatch[0];
	let anchorLink = hrefExpressionMatch[1];
	let text = hrefExpressionMatch[2];
	if (
	anchorLink.includes("/plan_delivery") ||
	anchorLink.includes(
	"crossroads-foundation.formstack.com/forms/goods_donor_survey?field"
	)
	) {
	body = body.replace(originalLink, `<a href=${anchorLink}>${text}</a>`);
	}
	return body;
	},

but this is rudimentary and doesn't handle cases where a user has left a voicemail.

Example:

[steveyken]

@patrixr made a good start on this on Saturday

[steveyken]

@patrixr one to finish off perhaps? Not sure which branch?