Closed NovaFox161 closed 3 years ago
This will be fixed by using jsoup and parsing out the HTML (except for safe tags) for the web page and when returning in the API.
Internally, we will strip the HTML completely, and replace safe tags with the equivalent markdown code.
I'd like to fit this into 4.1.0, but might have to push this to the next release after that, where I want to work on abstracting out a lot of the API so that 99% of the code base doesn't actually touch Google, making it easier to integrate into other services such as Apple Calendar, iCal, Outlook, etc.
Who is the bug affecting?
Users viewing events in servers that use external calendars and have HTML in their events.
What is affected by this bug?
Bot, possibly website, anywhere that displays event content (if website, could potentially lead to XSS).
When does this occur?
Anytime one views an event that contains HTML content.
Where on the platform does it happen?
Event view dialogs, potentially announcements and anywhere on the website that shows event content.
How do we replicate the issue?
Have an event that contains HTML content and is then displayed by the bot.
Expected behavior (i.e. solution)
HTML content should be stripped and safe HTML (line breaks, italics, href, etc.) should be parsed and displayed safely.
Other Comments
First reported by Danny H on Discord.
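The fix described in this issue (a jsoup allow-list for the website and API, and markdown in place of safe tags for the bot), as an added example that is not the project's own code. It assumes jsoup 1.14.2 or later (the `Safelist` class); the class name `EventHtml`, the methods `forWeb` and `forBot`, and the exact tag list are hypothetical.

```java
import org.jsoup.Jsoup;
import org.jsoup.nodes.Document;
import org.jsoup.nodes.Element;
import org.jsoup.nodes.Node;
import org.jsoup.nodes.TextNode;
import org.jsoup.safety.Safelist;

public class EventHtml {
    // Assumed allow-list: line breaks, emphasis and http(s) links; all else is dropped.
    private static final Safelist SAFE = Safelist.none()
            .addTags("br", "i", "em", "b", "strong", "a")
            .addAttributes("a", "href")
            .addProtocols("a", "href", "http", "https");

    // Website/API output: safe tags survive; scripts, event handlers and
    // non-http(s) hrefs (for example javascript:) are removed by jsoup.
    static String forWeb(String untrusted) {
        return Jsoup.clean(untrusted, "", SAFE, new Document.OutputSettings().prettyPrint(false));
    }

    // Bot output: sanitize first, then replace each remaining tag with markdown.
    static String forBot(String untrusted) {
        StringBuilder out = new StringBuilder();
        render(Jsoup.parseBodyFragment(forWeb(untrusted)).body(), out);
        return out.toString().trim();
    }

    private static void render(Node node, StringBuilder out) {
        for (Node child : node.childNodes()) {
            if (child instanceof TextNode) {
                out.append(((TextNode) child).text());
            } else if (child instanceof Element) {
                Element el = (Element) child;
                String href = el.attr("href"); // empty if the sanitizer dropped it
                switch (el.tagName()) {
                    case "br": out.append('\n'); break;
                    case "i": case "em": wrap(el, "*", "*", out); break;
                    case "b": case "strong": wrap(el, "**", "**", out); break;
                    case "a": if (href.isEmpty()) render(el, out);
                              else wrap(el, "[", "](" + href + ")", out); break;
                    default: render(el, out);
                }
            }
        }
    }
    private static void wrap(Element el, String open, String close, StringBuilder out) {
        out.append(open); render(el, out); out.append(close);
    }
    public static void main(String[] args) { // constructed event description
        String e = "Meet <b>here</b><br><a href=\"javascript:alert(1)\">x</a><script>alert(1)</script>";
        System.out.println(forWeb(e) + "\n---\n" + forBot(e));
    }
}
```

Text nodes are emitted without markdown escaping, so characters such as `*` or `]` in an event description still render as markdown in the bot output.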