Sanitize syntax highlighting

[bramz]

When viewing uploaded data with syntax highlighting via /s/ route, data is not being sanitized properly.

To replicate upload code with embedded HTML tags and view with the syntax highlighting route.

             complete: function(token) {
              $html = ['<div class="misc-done">',
                '<label for="url">The URL!</label><input type="text" name="url" class="inside url" value="',
                document.location.href + token.responseJSON.token,
                '" />',
                '</div>'
              ].join('');

Example

[bramz]

This is similar to the bug in #56 however the hotfix to fix that does not apply here and characters will need to be escaped/sanitized properly.