Author: 羚瑞聪羊奶粉 | Source: Internet | 2023-09-15 17:00
This pull request comprises the following:
1. DOM-based XSS vulnerability fixes: the escapeHTML function was not used in some places. I have added it to the places where it was missed.
2. When the project is used under HTTPS by setting the "use_tls" property to true in the config.json file, the secure flag is set to true for the cookies, and when used under HTTP, it is set to false.
3. The default expiration time for the cookie was 30 days. I have changed it to 5 days.
4. CSRF vulnerability & Insecure Direct Object Reference: I have duplicated the API routes separately for the browser, and I have modified all JavaScript files to use the /browser routes instead of /api. This way, the /api routes continue to be CSRF-exempt, while the /browser routes are now under CSRF protection. And since mid.RequireLogin is used by the /browser routes, in contrast to the mid.RequireAPIKey used by the /api routes, the /browser routes deduce the identity of the user from the HTTP request through the "id" value that is set in the cookies rather than from the api_key being passed. This way, Insecure Direct Object Reference also gets mitigated on the dashboard.
^^ Please NOTE that this change doesn't touch the API layer at all.
This question originates from the open-source project: gophish/gophish
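The route split described in items 2 to 4 above, as an added, self-contained example that is not gophish's own code: the same handler is mounted under /api behind an API-key middleware (no CSRF check, identity from api_key) and under /browser behind a login middleware (identity from the session cookie, state-changing methods must carry a per-session CSRF token), and the session cookie's Secure flag follows a use_tls setting while its lifetime is 5 days. The type and function names, the in-memory session and API-key stores, the sample users and campaigns, and the header-based CSRF token scheme are all assumptions made for this example; gophish's real middleware, config loading and CSRF mechanism are not reproduced.

```go
package main

import (
	"crypto/rand"
	"crypto/subtle"
	"encoding/hex"
	"encoding/json"
	"fmt"
	"net/http"
	"net/http/httptest"
	"strings"
	"sync"
)

// Config holds the one setting this example needs; the field is modelled on
// gophish's "use_tls" key (assumption: nothing else of its config is reproduced).
type Config struct{ UseTLS bool }

// Server keeps every store in memory so the example runs offline (assumption).
type Server struct {
	cfg       Config
	mu        sync.Mutex
	sessions  map[string]int    // session id -> user id, set by the login cookie
	csrfToken map[string]string // session id -> CSRF token for that session
	apiKeys   map[string]int    // api_key -> user id
	data      map[int][]string  // user id -> that user's campaigns (constructed sample data)
}

func NewServer(cfg Config) *Server {
	return &Server{cfg: cfg, sessions: map[string]int{}, csrfToken: map[string]string{},
		apiKeys: map[string]int{"key-for-alice": 1, "key-for-bob": 2}, // constructed
		data:    map[int][]string{1: {"alice-q1"}, 2: {"bob-q1"}}}     // constructed
}

func randomToken() string {
	b := make([]byte, 16)
	if _, err := rand.Read(b); err != nil {
		panic(err)
	}
	return hex.EncodeToString(b)
}

// NewSession stands in for a successful login (credential check omitted): it
// records a session and returns the cookie plus the CSRF token the dashboard
// JavaScript would send back. Secure follows use_tls; MaxAge is 5 days.
func (s *Server) NewSession(userID int) (*http.Cookie, string) {
	sid, tok := randomToken(), randomToken()
	s.mu.Lock()
	s.sessions[sid], s.csrfToken[sid] = userID, tok
	s.mu.Unlock()
	return &http.Cookie{Name: "session", Value: sid, Path: "/", HttpOnly: true,
		Secure: s.cfg.UseTLS, MaxAge: 5 * 24 * 60 * 60}, tok
}

// handler receives the caller's identity from middleware; the route body
// never reads a user id out of the request, which is what closes the IDOR.
type handler func(w http.ResponseWriter, r *http.Request, userID int)

// requireAPIKey guards /api: identity comes from api_key, no CSRF check, since
// a cross-site page cannot make the victim's browser attach a key it lacks.
func (s *Server) requireAPIKey(next handler) http.HandlerFunc {
	return func(w http.ResponseWriter, r *http.Request) {
		s.mu.Lock()
		uid, ok := s.apiKeys[r.URL.Query().Get("api_key")]
		s.mu.Unlock()
		if !ok {
			http.Error(w, "invalid api key", http.StatusUnauthorized)
			return
		}
		next(w, r, uid)
	}
}

// requireLogin guards /browser: the cookie is attached automatically by the
// browser, so non-GET requests must also prove knowledge of the session token.
func (s *Server) requireLogin(next handler) http.HandlerFunc {
	return func(w http.ResponseWriter, r *http.Request) {
		c, err := r.Cookie("session")
		if err != nil {
			http.Error(w, "not logged in", http.StatusUnauthorized)
			return
		}
		s.mu.Lock()
		uid, ok := s.sessions[c.Value]
		want := s.csrfToken[c.Value]
		s.mu.Unlock()
		if !ok {
			http.Error(w, "not logged in", http.StatusUnauthorized)
			return
		}
		if r.Method != http.MethodGet && r.Method != http.MethodHead &&
			subtle.ConstantTimeCompare([]byte(r.Header.Get("X-CSRF-Token")), []byte(want)) != 1 {
			http.Error(w, "bad csrf token", http.StatusForbidden)
			return
		}
		next(w, r, uid)
	}
}

// listOrAddCampaigns: GET lists, POST name=... adds, always for the caller only.
func (s *Server) listOrAddCampaigns(w http.ResponseWriter, r *http.Request, userID int) {
	s.mu.Lock()
	defer s.mu.Unlock()
	if r.Method == http.MethodPost {
		s.data[userID] = append(s.data[userID], r.FormValue("name"))
	}
	json.NewEncoder(w).Encode(s.data[userID])
}

// Handler mounts the same body under both prefixes with different middleware.
func (s *Server) Handler() http.Handler {
	mux := http.NewServeMux()
	mux.HandleFunc("/api/campaigns", s.requireAPIKey(s.listOrAddCampaigns))
	mux.HandleFunc("/browser/campaigns", s.requireLogin(s.listOrAddCampaigns))
	return mux
}

// Do issues one in-process request and returns status code and trimmed body.
func (s *Server) Do(method, target, form string, cookie *http.Cookie, csrf string) (int, string) {
	req := httptest.NewRequest(method, target, strings.NewReader(form))
	req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
	if cookie != nil {
		req.AddCookie(cookie)
	}
	if csrf != "" {
		req.Header.Set("X-CSRF-Token", csrf)
	}
	rec := httptest.NewRecorder()
	s.Handler().ServeHTTP(rec, req)
	return rec.Code, strings.TrimSpace(rec.Body.String())
}

func main() {
	s := NewServer(Config{UseTLS: true})
	cookie, tok := s.NewSession(1)
	fmt.Println("Secure:", cookie.Secure, "MaxAge:", cookie.MaxAge)
	fmt.Println(s.Do("POST", "/browser/campaigns", "name=evil", cookie, ""))      // forged cross-site post
	fmt.Println(s.Do("POST", "/browser/campaigns", "name=alice-q2", cookie, tok)) // dashboard JS with token
	fmt.Println(s.Do("POST", "/api/campaigns?api_key=key-for-bob", "name=bob-q2", nil, ""))
	fmt.Println(s.Do("GET", "/browser/campaigns?id=2", "", cookie, "")) // ?id is ignored
}
```

The forged POST reaches /browser/campaigns with the victim's cookie but no token and is refused, the dashboard's own request with the token succeeds, the /api route accepts the key alone, and a `?id=2` parameter on the browser route changes nothing because the user id is taken from the session by the middleware.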
Looks good - thanks!