hgweb: urlescape all urls, HTML escape repo/tag/branch/... names
Without this, repository paths or names containing e.g. & characters or html
tags yielded strange results, possibly allowing cross-site scripting attacks.
{header}
<title>{repo|escape}: searching for {query|escape}</title>
</head>
<body>
<div class="container">
<div class="menu">
<div class="logo">
<a href="{logourl}">
<img src="{staticurl|urlescape}{logoimg}" width=75 height=90 border=0 alt="mercurial"></a>
</div>
<ul>
<li><a href="{url|urlescape}shortlog{sessionvars%urlparameter}">log</a></li>
<li><a href="{url|urlescape}graph{sessionvars%urlparameter}">graph</a></li>
<li><a href="{url|urlescape}tags{sessionvars%urlparameter}">tags</a></li>
<li><a href="{url|urlescape}bookmarks{sessionvars%urlparameter}">bookmarks</a></li>
<li><a href="{url|urlescape}branches{sessionvars%urlparameter}">branches</a></li>
<li><a href="{url|urlescape}help{sessionvars%urlparameter}">help</a></li>
</ul>
</div>
<div class="main">
<h2 class="breadcrumb"><a href="/">Mercurial</a> {pathdef%breadcrumb}</h2>
<h3>searching for '{query|escape}'</h3>
<form class="search" action="{url|urlescape}log">
{sessionvars%hiddenformentry}
<p><input name="rev" id="search1" type="text" size="30"></p>
<div id="hint">find changesets by author, revision,
files, or words in the commit message</div>
</form>
<div class="navigate">
<a href="{url|urlescape}search/{lessvars%urlparameter}">less</a>
<a href="{url|urlescape}search/{morevars%urlparameter}">more</a>
</div>
<table class="bigtable">
<tr>
<th class="age">age</th>
<th class="author">author</th>
<th class="description">description</th>
</tr>
{entries}
</table>
<div class="navigate">
<a href="{url|urlescape}search/{lessvars%urlparameter}">less</a>
<a href="{url|urlescape}search/{morevars%urlparameter}">more</a>
</div>
</div>
</div>
{footer}