fix(jqLite): prevent possible XSS due to regex-based HTML replacement

This also splits the wrapping logic to one for modern browsers & one for IE 9
as IE 9 has restrictions that make it impossible to make it as secure.