hgweb: urlescape all urls, HTML escape repo/tag/branch/... names
Without this, repository paths or names containing e.g. & characters or html
tags yielded strange results, possibly allowing cross-site scripting attacks.
<table class="slogEntry parity{parity}">
<tr>
<td class="age">{date|rfc822date}</td>
<td class="author">{author|person}</td>
<td class="node"><a href="{url|urlescape}rev/{node|short}{sessionvars%urlparameter}">{desc|strip|firstline|escape|nonempty}</a></td>
</tr>
</table>