Sanitise domain name field to prevent XSS attack on the CMS

PWC identified an issue with the subsites module that would allow someone with authenticated access to attack other CMS users, such as "stealing the session ID and hijacking an authenticated user's session".
I can't imagine a case where HTML would ever be allowed in the subdomain of a website, so it's a good practice to strip it out anyway.

Steps to reproduce the original issue:
1. Enter a subsite name and mark as the default site.
2. Add a new domain named <script>alert(2)</script> and mark it as primary
3. Switch to the new subsite.
4. Make a new Page. This will execute a javascript alert containing "2".

MINOR update documentation for onBeforeWrite()
MINOR add @property attributes into docblock

code/model/SubsiteDomain.php

@@ -1,5 +1,9 @@
 <?php
 
+/**
+ * @property text Domain domain name of this subsite. Do not include the URL scheme here
+ * @property bool IsPrimary Is this the primary subdomain?
+ */
 class SubsiteDomain extends DataObject {
 
 	/**
@@ -46,6 +50,7 @@ class SubsiteDomain extends DataObject {
 			new TextField('Domain', $this->fieldLabel('Domain'), null, 255),
 			new CheckboxField('IsPrimary', $this->fieldLabel('IsPrimary'))
 		);
+
 		$this->extend('updateCMSFields', $fields);
 		return $fields;
 	}
@@ -62,4 +67,15 @@ class SubsiteDomain extends DataObject {
 
 		return $labels;
 	}
+
+	/**
+	 * Before writing the Subsite Domain, strip out any HTML the user has entered.
+	 * @return void
+	 */
+	public function onBeforeWrite() {
+		parent::onBeforeWrite();
+
+		//strip out any HTML to avoid XSS attacks
+		$this->Domain = Convert::html2raw($this->Domain);
+	}
 }