Closed robberwick closed 7 years ago
This is pretty much very serious security issue. We've just discovered XSS vulnerability in our ember app which was caused by this plugin. We switched to another lib to do this task but this PR should be really merged after almost 3 years!
@MartinNuc @robberwick sorry folks... I've been so busy with work that I hadn't even realised people were using this plugin! It is in desperate need of a rewrite but I have merged this PR for now :+1: thanks.
When I came to use this plugin, I noticed that non-HTML text was being injected back into the DOM as HTML without being escaped first. This leads to XSS vulnerabilities, and means that it is possible for a user to inject malicious JavaScript code into a page which uses this plugin.
To see this in action, I have created a jsbin with a piece of embedded JavaScript in the text of one of the divs that the ellipsis plugin is applied to (the responsive one, which is fired on every resize event), which will result in an alert box appearing: http://jsbin.com/huhiceqege/5/edit?html,css,js,output
and here is the same bin with the patched script: http://jsbin.com/huhiceqege/1/edit?html,css,js,output
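The pattern described in this PR, as an added example that is not the plugin's own code: a word-boundary truncation helper whose result is handed to jQuery's `.html()` unescaped, beside the version that escapes first (function names and the sample text are hypothetical; it runs without a DOM so the difference is visible in the returned strings).

```javascript
// Escape the five characters that let plain text be re-parsed as markup.
// This is what the plugin omitted before writing truncated text back via .html().
function escapeHtml(s) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}

// Shorten text on word boundaries so that result + ellipsis fits in maxChars.
function truncateWords(text, maxChars, ellipsis = "\u2026") {
  if (text.length <= maxChars) return text;
  let out = "";
  for (const word of text.split(" ")) {
    const next = out ? out + " " + word : word;
    if (next.length + ellipsis.length > maxChars) break;
    out = next;
  }
  return out + ellipsis;
}

// Vulnerable shape: the string returned here was read with .text() but is written
// back with .html(), so any '<' the user typed becomes a live element.
function ellipsisMarkupUnsafe(text, maxChars) {
  return truncateWords(text, maxChars); // e.g. $el.html(ellipsisMarkupUnsafe(t, n))
}

// Fixed shape: escape before .html(). Simpler still is $el.text(truncateWords(t, n)),
// which never parses the string as HTML at all.
function ellipsisMarkupSafe(text, maxChars) {
  return escapeHtml(truncateWords(text, maxChars)); // e.g. $el.html(ellipsisMarkupSafe(t, n))
}

// Defender-side check: does a string destined for .html() still contain a tag opener?
function containsMarkup(html) {
  return /<[a-zA-Z!/]/.test(html);
}

// Constructed sample: user-controlled text that happens to contain markup.
const SAMPLE = "Hello <b>world</b> and more words here that need trimming";

console.log(ellipsisMarkupUnsafe(SAMPLE, 20)); // tag survives: Hello <b>world</b>…
console.log(ellipsisMarkupSafe(SAMPLE, 20));   // inert: Hello &lt;b&gt;world&lt;/b&gt;…
```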