fix: Add configuration for XSS protection and enable whitelist functionality

Author: fit2-zhao

installer/conf/cordys-crm.properties

@@ -34,7 +34,10 @@ spring.ai.mcp.server.version=1.0.0
 # sqlbot.aes-key=your-aes-key
 # sqlbot.aes-iv=your-aes-iv
 
-# 启用白名单功能,不开启则不限制访问
+# Enable whitelist functionality, if not enabled, access will not be restricted.
 dashboard.whitelist.enabled=false
-# 白名单开关开启后允许访问的IP地址或域名列表,多个用逗号分隔
+# Enable whitelist functionality, if not enabled, access will not be restricted.
 dashboard.whitelist.allowed=
+
+# Full HTML escaping switch. When enabled, all tags will be escaped (may affect content display), only enable for special scenarios.
+xss.escape.all.enabled=false