hgweb: urlescape all urls, HTML escape repo/tag/branch/... names
Without this, repository paths or names containing e.g. & characters or html
tags yielded strange results, possibly allowing cross-site scripting attacks.
<script type="text/javascript">process_dates()</script>
{motd}
<div class="logo">
<a href="{logourl}">
<img src="{staticurl|urlescape}{logoimg}" width=75 height=90 border=0 alt="mercurial"></a>
</div>
</body>
</html>