Security fixes.

[ccd0]

This should fix the stuff in #41.

• Fix arbitrary code evaluation issue that exposed GM_* / chrome API and userscript local filename to scripts running on the page.
• HTML escape post data from the archives rather than trusting the archives to escape it server side (and not do anything malicious).
• Make sure all HTML attributes in the post building code are quoted.

[ccd0]

chrome API

I derped here; you don't have a .crx version, so it's just the GM_* API. The local filenames issue (a Greasemonkey bug) is the larger concern as it can compromise anonymity. And I wouldn't be surprised if this issue of executing untrustworthy code in a trusted context causes other problems I'm not aware of yet.

[loadletter]

Thanks for taking your time to do this