[HOTFIX] Escaping vulnerable text when modal opens (apache#4795)

(cherry picked from commit 25b6001)

zeppelin-web/src/app/helium/helium.controller.js

@@ -240,10 +240,10 @@ export default function HeliumCtrl($scope, $rootScope, $sce,
           `<div style="color:gray">${getHeliumTypeText(type)}</div>` +
           '<hr style="margin-top: 10px; margin-bottom: 10px;" />' +
           '<div style="font-size: 14px;">Description</div>' +
-          `<div style="color:gray">${description}</div>` +
+          `<div style="color:gray">${_.escape(description)}</div>` +
           '<hr style="margin-top: 10px; margin-bottom: 10px;" />' +
           '<div style="font-size: 14px;">License</div>' +
-          `<div style="color:gray">${license}</div>`,
+          `<div style="color:gray">${_.escape(license)}</div>`,
         callback: function(result) {
           if (result) {
             confirm.$modalFooter.find('button').addClass('disabled');