This moves the current sanitization specs to a shared example, so we can
re-use them for broadcast message sanitization and be sure to not
introduce a XSS vulnerability.