
Escape values formatted into output HTML #855

@thp


Oh, good catch! Values can be quoted with ", so I did that.

Now, I'm not sure if the URL might contain ", of course... If so, the HtmlReporter seems to suffer from this as well, so I'd say this requires a separate fix.

```python
if job.location_is_url():
    title = '<a href="{location}">{pretty_name}</a>'
elif job.pretty_name() != job.get_location():
    title = '<span title="{location}">{pretty_name}</span>'
else:
    title = '{location}'
title = '<h2><span class="verb">{verb}:</span> ' + title + '</h2>'
yield SafeHtml(title).format(verb=job_state.verb,
                             location=job.get_location(),
                             pretty_name=job.pretty_name())
```

Originally posted by @fyrk in #854 (comment)
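The following is an added example, not urlwatch's code: it formats a location containing `"` into the `<a href="{location}">` template from the snippet above, once escaping only `&`, `<`, `>` and once escaping quotes too, then parses both results to show which attributes the markup actually carries. The helpers `render`, `AttrCollector` and `parsed_attrs` are hypothetical names, and the location value is a constructed sample.

```python
import html
from html.parser import HTMLParser

# Template modelled on the <a href="{location}"> line quoted in the issue.
TEMPLATE = '<a href="{location}">{pretty_name}</a>'

# Constructed sample: a location that contains double quotes.
LOCATION = 'https://example.com/" data-injected="1'


def render(template, quote, **values):
    """Format values into the template, HTML-escaping each one first.

    quote=False leaves " and ' untouched, which is only enough for text
    nodes; quote=True also escapes them, as a quoted attribute value needs.
    """
    return template.format(**{key: html.escape(str(value), quote=quote)
                              for key, value in values.items()})


class AttrCollector(HTMLParser):
    """Records each start tag together with the attributes parsed from it."""

    def __init__(self):
        super().__init__()
        self.tags = []

    def handle_starttag(self, tag, attrs):
        self.tags.append((tag, dict(attrs)))


def parsed_attrs(markup):
    """Return [(tag, {attribute: value})] for every start tag in markup."""
    collector = AttrCollector()
    collector.feed(markup)
    collector.close()
    return collector.tags


if __name__ == "__main__":
    for quote in (False, True):
        markup = render(TEMPLATE, quote, location=LOCATION, pretty_name="Example")
        print(f"quote={quote}: {markup}")
        print("  parsed:", parsed_attrs(markup))
```

Escaping keeps the value inside the attribute; it does not decide whether the URL itself is one the report should link to.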
