Important - HTML does not get escaped in failed test reports

Describe the bug

If tests fails, a user (student, tutor, instructor) can click on the underlined x of y passing to see more details. A modal opens up and shows the error that got reported. In case of JUnit, the error looks like this internally:

expected:<Nieder mit den Eisb[ä]ren!> but was:<Nieder mit den Eisb[�]ren!>

This however is not what is shown:

Because it is not escaped, and transforms into (partly by the browser):

This can easily be further extended to:

and could lead to big problems, in addition to students not getting a helpful error message.

To Reproduce

1. Create Java programming exercise
2. Set it up to test for String equality (no String can contain linebreaks, otherwise the HTML is rendered differently - but still wrong - again) using assertEquals
3. Solve the exercise and make a mistake, but only in the middle of the String (because <[… seems to be no problem to display)
4. Submit and take a look at the report shown by artemis, also using the dev-view of the web browser

Expected behavior

HTML special characters must be escaped.

Environment

 - OS: Windows 10 (1903)
 - Browser Vivaldi (2.8; Chromium 77 based)