
#4 HTML escaping of database content

open
nobody
None
5
2012-09-18
2002-09-24
Joe Romaine
No

Currently, the content retrieved from the database is not
HTML escaped before being used in HTML pages.
Consequently, syntactically significant characters such
as double quote will be rendered as is, creating
malformed HTML. Note that a solution should be
implemented which can be utilized across the many
pages of the application.
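
Added example, not part of the ticket or the project's code: a single shared rendering helper that escapes every database value before it reaches a page, next to the unescaped behaviour the ticket describes. Python, the template, the sample title and all function names are assumptions, since the ticket does not name the application's language.

```python
import html
from html.parser import HTMLParser

# Constructed sample: a page fragment that uses one database value both as
# element content and inside a double-quoted attribute.
TEMPLATE = '<p>{title}</p><input name="title" value="{title}">'
# Constructed sample database value containing HTML-significant characters.
ROW_TITLE = 'The "Big" Sale <50% off> & more'


def render_raw(template, **fields):
    """Behaviour described in the ticket: values are inserted as is."""
    return template.format(**fields)


def render(template, **fields):
    """Shared helper for every page: escape each value, then fill the template.

    quote=True also escapes " and ', so the value is safe inside a quoted
    attribute as well as in element content.
    """
    safe = {key: html.escape("" if value is None else str(value), quote=True)
            for key, value in fields.items()}
    return template.format(**safe)


class _Collector(HTMLParser):
    """Records the <input> attributes and all text the parser sees."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.input_attrs = {}
        self.text = []

    def handle_starttag(self, tag, attrs):
        if tag == "input":
            self.input_attrs = dict(attrs)

    def handle_data(self, data):
        self.text.append(data)


def parse_back(page):
    """Return (value attribute of <input>, concatenated text) as a parser reads them."""
    collector = _Collector()
    collector.feed(page)
    collector.close()
    return collector.input_attrs.get("value"), "".join(collector.text)
```

Parsing the output of `render` gives back the stored title unchanged in both places, while the output of `render_raw` yields an attribute value cut short at the first double quote.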

Discussion

