Use proper jQuery objects instead of strings for better security

[m417z]

Fixes #629, improves overall security and robustness, and readability too.
I didn't test it thoroughly, but the bundled example works properly.

Note that while many places prone to XSS are now safe, there are still places which look dangerous. For example:
https://github.com/m417z/yadcf/blob/cd4bf396bc7cc46aa0f7456d5ab0775ad9a94525/jquery.dataTables.yadcf.js#L1559

If the string which is part of the expression is untrusted, it must be escaped.

This pull request took more time than I expected, I'd appreciate if it gets merged.
Thanks for the library.

[vedmack]

Wow, thanks @m417z will merge it in the upcoming days

[m417z]

Thanks. I pushed another commit which actually fixes #629, not only security-wise, even if you use a string like:
A"B'C&nbsp;<script>alert(1)</script>.

[vedmack]

Ohh noooooo!
Only now I noticed that you did you PR on the stable 0.9.3 version instead of the latest beta version of 0.9.4 that is located in yadcf/src/

[m417z]

Heck. I created a rebased version, and found some potential bugs that I'll mention in the new PR:
#634