getAddEditHtml() has possible XSS

[mrjones-plip]

a closer analysis of the ability to pass in $customEditArray to the getAddEditHtml() method, as well as the native enum() values, may allow a persistent XSS. a review of the getAddEditHtml() method should be done to ensure we're using $this->cleanse($value) where needed.

for example line 455 seems to be vulnerable