Looks like we have all the Project fields encoded, including JSONs:
If I disable this encoding it would look like this:
The encoding was added in commit da7a313. I'm not sure what the reason for this was.
I think if we decide to turn off HTML escaping in the DB, we have to do this for all fields for consistency, so it would be better to un-escape the data in all the fields.
Instead of an SQL update query, it would be better to use a JS function that is the inverse of the one we use for encoding, to make sure we get the correct reverse result.
As this encoding was introduced 2 years ago, we probably have some projects with escaped characters and some projects without escaping.
From Vikas:
This encoding/sanitizing was done because of security testing done by the penetration team, I guess. Its main purpose is to remove the possibility of HTML/script injection in the system. I am not sure how we can handle it without needing to update all projects in the system. If we go for updating all the projects in the system via JS code, we have to make sure that we don't update the updatedAt and lastActivityAt fields of the updated projects; otherwise the default sorting of the projects might change for users.
We have to make sure that if we stop encoding we don't introduce any security issues.
We have to find out how to decode the data in the DB safely:
we should decode only places which have been previously encoded, and not decode character sequences which look encoded but are actually the data we put inside
we have to check whether all the projects have been encoded, or only a part of the projects since some point in time, so again we don't decode what should not be decoded
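Added example, not code from connect-app or tc-project-service, showing one way to carry out the two checks above in JS. It assumes the stored encoding is the common five-character HTML escape of `& < > " '` (the thread references commit da7a313 but does not show the function) and that escaping was applied to all fields of a project in one write, so a single raw special character anywhere in a project is evidence that the project was never escaped. The decision is made per project rather than per string because a value such as `&lt;b&gt;` on its own is ambiguous: it is either escaped `<b>` or a literal `&lt;b&gt;` typed into an unescaped project. `updatedAt` and `lastActivityAt` are never touched, per Vikas' note.

```javascript
// Added example, not the project's own code.
// ASSUMPTION: the stored encoding is the five-character HTML escape below;
// adjust ESCAPE_MAP if the function introduced in da7a313 differs.
const ESCAPE_MAP = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
const UNESCAPE_MAP = Object.fromEntries(Object.entries(ESCAPE_MAP).map(([k, v]) => [v, k]));
const ENTITY_RE = /&(?:amp|lt|gt|quot|#39);/g;

function escapeHtml(s) {
  return s.replace(/[&<>"']/g, (ch) => ESCAPE_MAP[ch]);
}

// Exact inverse of escapeHtml: only the five entities it emits are decoded in a
// single pass, so "&amp;copy;" becomes "&copy;" and a user-typed "&copy;" survives.
function unescapeHtml(s) {
  return s.replace(ENTITY_RE, (ent) => UNESCAPE_MAP[ent]);
}

// Classify one stored string.
//   'plain'   : a raw < > " ' or an '&' outside the five entities. escapeHtml()
//               would have rewritten it, so this value was never escaped.
//   'neutral' : no special characters and no entities; decoding is a no-op.
//   'encoded' : only entity sequences; consistent with (but not proof of) escaping.
function classifyEncoding(s) {
  if (/[<>"']/.test(s)) return 'plain';
  const stripped = s.replace(ENTITY_RE, '');
  if (stripped.includes('&')) return 'plain';
  return stripped.length === s.length ? 'neutral' : 'encoded';
}

// Fields a migration must neither decode nor bump (from the thread).
const PROTECTED_FIELDS = new Set(['updatedAt', 'lastActivityAt']);

// Gather every string in a record, walking nested JSON columns and arrays.
function collectStrings(value, path, out) {
  if (typeof value === 'string') out.push({ path, value });
  else if (Array.isArray(value)) value.forEach((v, i) => collectStrings(v, `${path}[${i}]`, out));
  else if (value && typeof value === 'object') {
    for (const [k, v] of Object.entries(value)) {
      if (!PROTECTED_FIELDS.has(k)) collectStrings(v, path ? `${path}.${k}` : k, out);
    }
  }
  return out;
}

// Apply fn to every string, returning a new object (the input is not mutated).
function mapStrings(value, fn) {
  if (typeof value === 'string') return fn(value);
  if (Array.isArray(value)) return value.map((v) => mapStrings(v, fn));
  if (value && typeof value === 'object') {
    const out = {};
    for (const [k, v] of Object.entries(value)) out[k] = PROTECTED_FIELDS.has(k) ? v : mapStrings(v, fn);
    return out;
  }
  return value;
}

// Per-project decision. Any 'plain' string means the project was never escaped,
// so none of its fields is decoded; 'evidence' lists the paths that proved it.
function decodeProject(project) {
  const strings = collectStrings(project, '', []);
  const plain = strings.filter((s) => classifyEncoding(s.value) === 'plain').map((s) => s.path);
  if (plain.length > 0) return { decision: 'skip-unescaped', evidence: plain, project };
  if (!strings.some((s) => classifyEncoding(s.value) === 'encoded')) return { decision: 'no-op', evidence: [], project };
  return { decision: 'decoded', evidence: [], project: mapStrings(project, unescapeHtml) };
}

module.exports = { escapeHtml, unescapeHtml, classifyEncoding, decodeProject };
```

A project made entirely of 'neutral' and 'encoded' strings is reported as decoded; anything that was 'skip-unescaped' is worth logging and reviewing by hand, since a project edited both before and after da7a313 might be only partly escaped. The write-back is deliberately left out: whichever ORM call performs it must not bump the timestamps (Sequelize's update options, for example, include `silent: true` for exactly that), and removing escaping at write time is only safe once every consumer escapes at render time instead, which is the check the first line of the comment asks for.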
Follow up from appirio-tech/connect-app#3485