Fix XSS, CSRF, input validation, and related security issues

tests/test_ha_integration.py

@@ -33,6 +33,7 @@ def ha_app():
         SECRET_KEY = "test-secret"
         SQLALCHEMY_TRACK_MODIFICATIONS = False
         TESTING = True
+        WTF_CSRF_ENABLED = False      # disable CSRF validation in tests
         HOMEASSISTANT_URL = "http://ha.test:8123"
         HOMEASSISTANT_API_KEY = "fake-token"
         HOMEASSISTANT_POLL_INTERVAL = 300