Merge pull request #1178 from ualbertalib/704_html_markup

closes #704 

From a security perspective I tried some simple javascript injection into the description field and found it to be ineffective.
```
<script>alert('Injected!');</script>
<BR SIZE="&{alert('Injected')}"> 
<DIV STYLE="background-image: url(javascript:alert('Injected'))">
```

Author: pgwillia

app/views/records/show_fields/_abstract.html.erb

@@ -0,0 +1,5 @@
+<span itemprop="abstract">
+  <%= iconify_auto_link(record.abstract) %>
+</span>
+<br />
+

app/views/records/show_fields/_is_version_of.html.erb

@@ -0,0 +1,5 @@
+<span itemprop="is_version_of">
+  <%= iconify_auto_link(record.is_version_of) %>
+</span>
+<br />
+

spec/features/record_show_spec.rb

@@ -0,0 +1,32 @@
+require 'spec_helper'
+
+describe GenericFile do
+  context 'record', :type => :feature do
+
+    let(:user) { FactoryGirl.find_or_create :user_with_fixtures }
+    let!(:file) do
+      GenericFile.new.tap do |f|
+        f.resource_type = ["Thesis" ]
+        f.read_groups = ['public']
+        f.abstract = "This is a <a href=\"https://library.ualberta.ca\">test link</a>"
+        f.is_version_of = "This is <b>bold</b> text."
+        f.apply_depositor_metadata(user.user_key)
+        f.save!
+      end
+    end
+
+    after :all do
+      cleanup_jetty
+    end
+
+    it "page should not have html tags" do
+      visit "/files/#{file.id}"
+      expect(page).to have_content('This is a test link')
+      expect(page).to have_link('test link', href: 'https://library.ualberta.ca')
+      parent = page.find("span[itemprop='is_version_of']")
+      expect(parent).to have_css('b')
+      expect(parent).to have_content('This is bold text.')
+    end
+    
+  end
+end