Do not allow for <> in email

account-gui/src/routes/Login.svelte

@@ -41,6 +41,12 @@
 
     const init = el => el.focus();
 
+    const handleInput = e => {
+        const email = (e.target.value || "").replace(/[<>]/g, "");
+        e.target.value = email;
+        $user.email = email;
+    }
+
     const allowedNext = email => validEmail(email) || $user.knownUser;
 
     const nextStep = () => {
@@ -144,7 +150,8 @@
            class={`${emailNotFound ? 'error' : ''}`}
            placeholder={I18n.t("login.emailPlaceholder")}
            use:init
-           bind:value={$user.email}
+           on:input={handleInput}
+           value={$user.email}
            on:keydown={handleEmailEnter}
            spellcheck="false">
 {/if}

account-gui/src/routes/Request.svelte

@@ -52,7 +52,7 @@
                         emailInUse = true;
                     } else if (e.status === 412) {
                         emailForbidden = true;
-                    }else {
+                    } else {
                         navigate("/expired", {replace: true});
                     }
                 });
@@ -63,6 +63,12 @@
 
     const init = el => el.focus();
 
+    const handleInput = e => {
+        const email = (e.target.value || "").replace(/[<>]/g, "");
+        e.target.value = email;
+        $user.email = email;
+    }
+
     const allowedNext = (email, familyName, givenName, agreedWithTerms) => {
         return validEmail(email) && familyName && givenName && agreedWithTerms && !$domains.allowedDomainNamesError
     };
@@ -186,7 +192,8 @@
        class:error={emailInUse || emailForbidden}
        placeholder={I18n.t("login.emailPlaceholder")}
        use:init
-       bind:value={$user.email}
+       on:input={handleInput}
+       value={$user.email}
        on:blur={handleEmailBlur}>
 {#if !initial && !validEmail($user.email)}
     <div class="error"><span class="svg">{@html critical}</span><span>{I18n.t("login.invalidEmail")}</span></div>