#541 Entity references are not escaped/unescaped correctly

v1.0 (example)
open
nobody
None
5
2014-10-19
2014-10-19
Ahasuerus
No

Entity references are not escaped/unescaped correctly. To replicate the problem, enter one or more character entity references in a publication note, e.g. "&lt;over&gt;", submit. The web server properly serves back the pub note, including the character entity references (view the page source in your web browser to verify). Edit the pub and take a look at the pub note and you will see that the character entity references have been replaced by the characters that they reference. In the example above, the pub note field in the form now displays the text <over>. Submit the form without making any changes. A submission is made that changes the pub note field, eliminating the character entity references. When the submission is approved, the content of the pub note field may not render correctly anymore. In the example above, the text <over> is no longer displayed because the web browser now thinks this is an HTML element because it sees angle brackets around the word "over".
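The round trip described in this ticket can be reproduced offline. The sketch below is an added example, not the application's own code: the function names, the `pub_note` field name and the sample note are hypothetical, `html.unescape` stands in for the browser decoding character references inside a textarea, and escaping the value when the form is written is shown as one possible fix.

```python
import html
import re

# Constructed sample: a stored pub note containing character entity references.
STORED_NOTE = "Cover says &lt;over&gt; here"

def render_edit_form(note, escape_value):
    """Server side: place the stored note into the edit form's textarea.
    With escape_value=False the note is written verbatim (the reported behaviour)."""
    value = html.escape(note, quote=False) if escape_value else note
    return '<textarea name="pub_note">' + value + "</textarea>"

def browser_field_value(form_html):
    """Browser side: character references in textarea content are decoded,
    so this is the text the user sees and the text that gets submitted."""
    body = re.search(r"<textarea[^>]*>(.*?)</textarea>", form_html, re.S).group(1)
    return html.unescape(body)

def round_trip(note, escape_value):
    """Open the edit form and submit it without making any changes."""
    return browser_field_value(render_edit_form(note, escape_value))

def has_raw_tag(note):
    """True if the note, served back as-is, contains text a browser parses as an element."""
    return re.search(r"<[A-Za-z][^>]*>", note) is not None

if __name__ == "__main__":
    for escape_value in (False, True):
        resubmitted = round_trip(STORED_NOTE, escape_value)
        print("escape on form render:", escape_value)
        print("  resubmitted note:", repr(resubmitted))
        print("  note changed:", resubmitted != STORED_NOTE)
        print("  now contains a raw tag:", has_raw_tag(resubmitted))
```

A regression check for this ticket can assert that an unchanged edit form submits a note identical to the stored one.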
