escape diff headers for html

src/__tests__/diff2html-tests.ts

@@ -723,7 +723,7 @@ describe('Diff2Html', () => {
 <tr>
     <td class=\\"d2h-code-linenumber d2h-info\\"></td>
     <td class=\\"d2h-info\\">
-        <div class=\\"d2h-code-line d2h-info\\">@@ -11,7 +10,7 @@ $a=&quot;&lt;table&gt;&lt;tr&gt;&lt;td&gt;- 1.1.9: Fix around ubuntu&#x27;s inability to cache promises. [#8</div>
+        <div class=\\"d2h-code-line d2h-info\\">@@ -11,7 +10,7 @@ $a=&amp;quot;&amp;lt;table&amp;gt;&amp;lt;tr&amp;gt;&amp;lt;td&amp;gt;- 1.1.9: Fix around ubuntu&amp;#x27;s inability to cache promises. [#8</div>
     </td>
 </tr><tr>
     <td class=\\"d2h-code-linenumber d2h-cntx\\">

src/line-by-line-renderer.ts

@@ -95,7 +95,7 @@ export default class LineByLineRenderer {
       .map(block => {
         let lines = this.hoganUtils.render(genericTemplatesPath, 'block-header', {
           CSSLineClass: renderUtils.CSSLineClass,
-          blockHeader: block.header,
+          blockHeader: renderUtils.escapeForHtml(block.header),
           lineClass: 'd2h-code-linenumber',
           contentClass: 'd2h-code-line',
         });

src/side-by-side-renderer.ts

@@ -206,7 +206,7 @@ export default class SideBySideRenderer {
   makeHeaderHtml(blockHeader: string): string {
     return this.hoganUtils.render(genericTemplatesPath, 'block-header', {
       CSSLineClass: renderUtils.CSSLineClass,
-      blockHeader: blockHeader,
+      blockHeader: renderUtils.escapeForHtml(blockHeader),
       lineClass: 'd2h-code-side-linenumber',
       contentClass: 'd2h-code-side-line',
     });