Fix Widget saving non-XML entities to layout_update

[tdgroot]

When saving a widget containing   characters, layout merging fails.

Description

When saving a widget containing   characters in the data, layout merging fails. Currently, \Magento\Widget\Model\Widget\Instance escapes the HTML when saving the data to the layout_update table. That's not sufficient, because it won't prevent characters like   being added to the XML. As a side note: the supported character entities in XML are very limited.
More about this topic can be found here.

By using html_entity_decode before escaping the HTML, there won't be incompatible character entities in the HTML when escaping it.

The use case of having   in the widget fields may seem a bit extraordinary. My use case(and many other's) is having added a WYSIWYG block to a custom widget. A WYSIWYG produces quite some   characters when being used.

Fixed Issues

1. Magento 2.1 EE: simplexml_load_string() error in custom widget #6594: Magento 2.1 EE: simplexml_load_string() error in custom widget

Steps to reproduce the problem

1. Create a widget instance containing a text field
2. In that field enter  
3. Save it
4. Go to an area in the frontend where the widget should appear
5. Crash

Manual testing procedure

Follow the Steps to reproduce after applying this fix.

Contribution checklist

• Pull request has a meaningful description of its purpose
• All commits are accompanied by meaningful commit messages
• All new or changed code is covered with unit/integration tests (if applicable)
• All automated tests passed successfully (all builds on Travis CI are green)