[ACS-5401] Fix unsafe HTML constructed from library input (#8725)

* [ACS-5401] sucurity fix

* [ACS-5401] fix tests

* [ACS-5401] security fix

lib/content-services/src/lib/content-user-info/content-user-info.component.html

@@ -1,8 +1,8 @@
-<div 
+<div
-    id="userinfo_container" 
+    id="userinfo_container"
-    [class.adf-userinfo-name-right]="showOnRight" 
+    [class.adf-userinfo-name-right]="showOnRight"
     (keyup)="onKeyPress($event)"
-    class="adf-userinfo-container" 
+    class="adf-userinfo-container"
     *ngIf="canShow"
 >
     <span *ngIf="showName" id="adf-userinfo-ecm-name-display" class="adf-userinfo-name">

lib/core/src/lib/pipes/user-initial.pipe.ts

@@ -31,7 +31,12 @@ export class InitialUsernamePipe implements PipeTransform {
         let safeHtml: SafeHtml = '';
         if (user) {
             const initialResult = this.getInitialUserName(user.firstName || user.displayName || user.username, user.lastName, delimiter);
-            safeHtml = this.sanitized.bypassSecurityTrustHtml(`<div data-automation-id="user-initials-image" class="${className}">${initialResult}</div>`);
+            const div = document.createElement('div');
+            div.innerText = initialResult;
+            div.dataset.automationId = 'user-initials-image';
+            div.className = className;
+
+            safeHtml = this.sanitized.bypassSecurityTrustHtml(div.outerHTML);
         }
         return safeHtml;
     }