hgweb: urlescape all urls, HTML escape repo/tag/branch/... names
Without this, repository paths or names containing e.g. & characters or html
tags yielded strange results, possibly allowing cross-site scripting attacks.
{header}
<title>{repo|escape}: files for changeset {node|short}</title>
</head>
<body>
<div class="buttons">
<a href="{url|urlescape}log/{rev}{sessionvars%urlparameter}">changelog</a>
<a href="{url|urlescape}shortlog/{rev}{sessionvars%urlparameter}">shortlog</a>
<a href="{url|urlescape}graph{sessionvars%urlparameter}">graph</a>
<a href="{url|urlescape}tags{sessionvars%urlparameter}">tags</a>
<a href="{url|urlescape}branches{sessionvars%urlparameter}">branches</a>
<a href="{url|urlescape}rev/{node|short}{sessionvars%urlparameter}">changeset</a>
{archives%archiveentry}
<a href="{url|urlescape}help{sessionvars%urlparameter}">help</a>
</div>
<h2><a href="/">Mercurial</a> {pathdef%breadcrumb} / files for changeset <a href="{url|urlescape}rev/{node|short}">{node|short}</a>: {path|escape}</h2>
<table cellpadding="0" cellspacing="0">
<tr class="parity{upparity}">
<td><tt>drwxr-xr-x</tt>
<td>
<td>
<td><a href="{url|urlescape}file/{node|short}{up|urlescape}{sessionvars%urlparameter}">[up]</a>
</tr>
{dentries%direntry}
{fentries%fileentry}
</table>
{footer}