Bug #6858 (closed)
HTML tags should be escaped when we update any parameter value under settings tab
Description
Cloned from https://bugzilla.redhat.com/show_bug.cgi?id=1125181
Description of problem:
I was trying to update a parameter defined under the settings tab and I was able to update it with HTML tags; those tags should be escaped properly.
For example, I updated the 'administrator' param value with: <a href="foo_bar">foo</a>
And the UI shows me a link to 'foo'. Please see the screenshot.
Please note that the UI doesn't escape the HTML tags immediately after updating the value. But once you navigate away from the settings page to another page and come back, it will be escaped.
Version-Release number of selected component (if applicable):
sat6 GA snap1
How reproducible:
always
Steps to Reproduce:
1. pick any parameter which opens a text box to update its value
2. edit the value with html tags like: <a href="foo_bar">foo</a>
3. save it
Actual results:
The UI doesn't escape the HTML tags immediately after updating the value. But once you navigate away from the settings page to another page and come back, it will be escaped.
Expected results:
HTML tags should be escaped as soon as you save the parameter value
Additional info:
Similar issue with another parameter, "email_reply_address".
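The report describes the classic gap between server-side rendering (which escapes the value on a full page load) and a client-side in-place editor that writes the freshly saved value back into the page as raw markup. The following is an added example, not Foreman's code: the table-cell markup, the function names and the sample value are assumptions chosen to mirror the report. It shows the unsafe interpolation next to the corrected form, plus a small check a test suite could run over the rendered markup. In a real browser the equivalent fix is to assign the value with `textContent` (or jQuery `.text()`) rather than `innerHTML` / `.html()`.

```javascript
// Added example (not Foreman's code): how an in-place settings editor
// should treat a value it has just saved before inserting it into the page.

// Escape the five characters that matter in HTML text and attribute context.
// '&' is replaced first so the entities produced below are not re-escaped.
function escapeHtml(value) {
  return String(value)
    .replace(/&/g, '&amp;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;')
    .replace(/"/g, '&quot;')
    .replace(/'/g, '&#39;');
}

// Behaviour described in the report (hypothetical cell markup): the saved
// value is interpolated into the cell as-is, so markup in the value
// becomes live HTML until the page is reloaded from the server.
function renderCellUnsafe(name, value) {
  return `<td class="setting" data-name="${name}">${value}</td>`;
}

// Corrected form: every untrusted piece is escaped before it touches markup,
// matching what the server-side template already does on a full render.
function renderCellSafe(name, value) {
  return `<td class="setting" data-name="${escapeHtml(name)}">${escapeHtml(value)}</td>`;
}

// Test helper: does the cell body still contain a raw tag opener?
// Strips the outer <td> wrapper and looks for '<' followed by a tag start.
function containsRawTag(cellHtml) {
  const inner = cellHtml.replace(/^<td[^>]*>/, '').replace(/<\/td>$/, '');
  return /<[a-zA-Z!\/]/.test(inner);
}

// Constructed sample value, the same payload as in the report.
const SAMPLE_VALUE = '<a href="foo_bar">foo</a>';

// Side-by-side comparison for the reader; returns both renderings.
function compareRenderings(name, value) {
  return {
    unsafe: renderCellUnsafe(name, value),
    safe: renderCellSafe(name, value),
  };
}
```

Calling `compareRenderings('administrator', SAMPLE_VALUE)` shows the unsafe cell containing a live anchor and the safe cell containing only entity-encoded text, which is exactly the difference between the "immediately after save" and "after navigating back" renderings in the report.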
Updated by Dominic Cleal over 10 years ago
- Category set to Settings
I don't believe this has a security impact, as it's only shown to the user that updates the value. The value gets escaped when it's rendered - including if it's updated via the API.
Updated by Tom Caspy about 10 years ago
+1 on Dominic's conclusion - there's no security issue here. I say we close this.
Updated by The Foreman Bot almost 9 years ago
- Status changed from New to Ready For Testing
- Pull request https://github.com/theforeman/foreman/pull/3264 added
Updated by Amir Fefer almost 9 years ago
- Status changed from Ready For Testing to Closed
- % Done changed from 0 to 100
Applied in changeset e108822a1a3ab567ea17d733754ccc9c9447dc8a.
Updated by Dominic Cleal almost 9 years ago
- Release set to 141