Open
Description
Some components such as WfoStep accept raw HTML via:

```jsx
<div className="emailMessage" dangerouslySetInnerHTML={{ __html: value.message }} ></div>
```
Investigate using a library such as https://github.com/cure53/DOMPurify or ensure HTML gets somewhat sanitised before injecting it into a component.
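
One way the DOMPurify option could look, as an added example that is not part of the original issue or the project's code. `SanitizedHtml` and `EMAIL_HTML_POLICY` are hypothetical names, and the tag and attribute allowlist is an assumption about what e-mail messages need to render.

```jsx
// Added example, not the project's code. SanitizedHtml and EMAIL_HTML_POLICY
// are hypothetical names; the allowlist below is an assumption.
import React, { useMemo } from 'react';
import DOMPurify from 'dompurify';

// Allowlist for e-mail style markup: text formatting, links, simple tables.
// Anything not listed (script, iframe, style, form, on* handlers) is dropped.
const EMAIL_HTML_POLICY = {
  ALLOWED_TAGS: ['a', 'b', 'br', 'div', 'em', 'i', 'li', 'ol', 'p', 'span',
                 'strong', 'table', 'tbody', 'td', 'th', 'thead', 'tr', 'ul'],
  ALLOWED_ATTR: ['href', 'title', 'target', 'rel'],
  ALLOW_DATA_ATTR: false,
};

// Hooks are global to this DOMPurify instance. Links that open a new tab
// must not hand the new page a reference to window.opener.
DOMPurify.addHook('afterSanitizeAttributes', (node) => {
  if (node.tagName === 'A' && node.getAttribute('target') === '_blank') {
    node.setAttribute('rel', 'noopener noreferrer');
  }
});

export function SanitizedHtml({ html, className }) {
  // Sanitize right before the sink so no caller can bypass it;
  // memoize so unchanged messages are not re-parsed on every render.
  const clean = useMemo(
    () => DOMPurify.sanitize(String(html ?? ''), EMAIL_HTML_POLICY),
    [html],
  );
  return <div className={className} dangerouslySetInnerHTML={{ __html: clean }} />;
}

// Usage in place of the raw injection shown above:
// <SanitizedHtml className="emailMessage" html={value.message} />
```

This assumes client-side rendering; under server-side rendering DOMPurify needs a DOM implementation such as jsdom.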