[SPARK-39505][UI] Escape log content rendered in UI

### What changes were proposed in this pull request?

Escape log content rendered to the UI.

### Why are the changes needed?

Log content may contain reserved characters or other code in the log and be misinterpreted in the UI as HTML.

### Does this PR introduce _any_ user-facing change?

No

### How was this patch tested?

Existing tests

Closes #36902 from srowen/LogViewEscape.

Authored-by: Sean Owen <srowen@gmail.com>
Signed-off-by: Dongjoon Hyun <dongjoon@apache.org>

Author: srowen

core/src/main/resources/org/apache/spark/ui/static/log-view.js

@@ -85,7 +85,7 @@ function loadMore() {
       if (retStartByte == 0) {
         disableMoreButton();
       }
-      $("pre", ".log-content").prepend(cleanData);
+      $("pre", ".log-content").prepend(document.createTextNode(cleanData));
 
       curLogLength = curLogLength + (startByte - retStartByte);
       startByte = retStartByte;
@@ -115,7 +115,7 @@ function loadNew() {
             var retLogLength = dataInfo[2];
 
             var cleanData = data.substring(newlineIndex + 1);
-            $("pre", ".log-content").append(cleanData);
+            $("pre", ".log-content").append(document.createTextNode(cleanData));
 
             curLogLength = curLogLength + (retEndByte - retStartByte);
             endByte = retEndByte;