I have escaped the HTML special characters in the name attribute in particular; however, this should be done for all user-controllable inputs. This should close #35.
Now if you try to put the POC mentioned in the issue ("><img src=x onerror=alert(1)>) you will see the following:
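
An added illustration of the fix described above, not code from this pull request or its project: the same POC string rendered through an unescaped template and an escaped one. The function names and the `<input>` template are assumptions, since the project's own markup is not shown on the page.

```javascript
// Added example; names and template are hypothetical, not the project's code.

// The five characters that can terminate an attribute value or open a tag.
const HTML_ESCAPES = {
  "&": "&amp;",
  "<": "&lt;",
  ">": "&gt;",
  '"': "&quot;",
  "'": "&#39;",
};

// Escape a user-controllable value for use in HTML text or a quoted attribute.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// 'Before' form: the value is concatenated into the attribute as-is,
// so a double quote in the input ends the attribute early.
function renderNameUnsafe(name) {
  return '<input type="text" name="name" value="' + name + '">';
}

// 'After' form: the value is escaped at the point of output.
function renderNameSafe(name) {
  return '<input type="text" name="name" value="' + escapeHtml(name) + '">';
}

// Structural check for a regression test: count tag openings in the markup.
// The template contains exactly one tag, so any higher count means the
// input was parsed as markup instead of data.
function countTags(markup) {
  return (markup.match(/<[a-zA-Z]/g) || []).length;
}

// POC string quoted in the pull request description.
const poc = '"><img src=x onerror=alert(1)>';

console.log(renderNameUnsafe(poc), "tags:", countTags(renderNameUnsafe(poc)));
console.log(renderNameSafe(poc), "tags:", countTags(renderNameSafe(poc)));
```

The tag count works as a regression assertion for every template that reflects user-controllable input, not only the name field.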