fix ponder escaping issue

Summary: Question titles were not escaped; now they are.

Test Plan: Observe the escaping.

Reviewers: epriestley

Reviewed By: epriestley

CC: nh, aran, Korvin

Differential Revision: https://secure.phabricator.com/D3490

Author: phooji

src/applications/ponder/view/PonderQuestionDetailView.php

@@ -46,7 +46,9 @@ public function render() {
 
     $panel = id(new AphrontPanelView())
       ->addClass("ponder-panel")
-      ->setHeader($this->renderObjectLink().' '.$question->getTitle());
+      ->setHeader(
+        $this->renderObjectLink().' '.
+        phutil_escape_html($question->getTitle()));
 
     $contentview = new PonderPostBodyView();
     $contentview