hgweb: urlescape all urls, HTML escape repo/tag/branch/... names
Without this, repository paths or names containing e.g. & characters or html
tags yielded strange results, possibly allowing cross-site scripting attacks.
{header}
<title>{repo|escape}: Branches</title>
<link rel="alternate" type="application/atom+xml"
href="{url|urlescape}atom-branches" title="Atom feed for {repo|escape}"/>
<link rel="alternate" type="application/rss+xml"
href="{url|urlescape}rss-branches" title="RSS feed for {repo|escape}"/>
</head>
<body>
<div class="page_header">
<a href="{logourl}" title="Mercurial" style="float: right;">Mercurial</a>
<a href="/">Mercurial</a> {pathdef%breadcrumb} / branches
</div>
<div class="page_nav">
<a href="{url|urlescape}summary{sessionvars%urlparameter}">summary</a> |
<a href="{url|urlescape}shortlog{sessionvars%urlparameter}">shortlog</a> |
<a href="{url|urlescape}log{sessionvars%urlparameter}">changelog</a> |
<a href="{url|urlescape}graph{sessionvars%urlparameter}">graph</a> |
<a href="{url|urlescape}tags{sessionvars%urlparameter}">tags</a> |
<a href="{url|urlescape}bookmarks{sessionvars%urlparameter}">bookmarks</a> |
branches |
<a href="{url|urlescape}file/{node|short}{sessionvars%urlparameter}">files</a> |
<a href="{url|urlescape}help{sessionvars%urlparameter}">help</a>
<br/>
</div>
<div class="title"> </div>
<table cellspacing="0">
{entries%branchentry}
</table>
{footer}