Security: Sanitize mathjaxBind content to prevent stored XSS (#5108)

Render challenge HTML through Angular sanitize instead of compiling user
content as live Angular templates.

Co-authored-by: Cursor Agent <cursoragent@cursor.com>

Author: RishabhJain2018

frontend/src/js/directives/directives.js

@@ -340,14 +340,12 @@ function dashboardFooterController($scope) {
 (function() {
     'use strict';
 
-    angular.module('evalai').directive("mathjaxBind", ['$compile', '$timeout', function($compile, $timeout) {
+    angular.module('evalai').directive("mathjaxBind", ['$sanitize', '$timeout', function($sanitize, $timeout) {
       return {
         restrict: "A",
         link: function(scope, element, attrs) {
           scope.$watch(attrs.mathjaxBind, function(texExpression) {
-            var template = angular.element('<div>').html(texExpression).contents();
-            var compiledTemplate = $compile(template)(scope);
-            element.empty().append(compiledTemplate);
+            element.html($sanitize(texExpression || ''));
             $timeout(function() {
                 /* eslint-disable no-undef */
                 MathJax.Hub.Queue(["Typeset", MathJax.Hub, element[0]]);