Enhance HTML escaping

[richter-alex]

Enhances HTML escaping by accounting for < and /. This helps to further avoid cases where these HTML characters inputted into Hypernova are not escaped, leading to downstream breakages in places like JSON.parse().

npm test comes back green.

This is the first step toward packaging these changes into a new version for private release on package cloud.

[JackMc]

This looks good to me.

One comment: would it be worth rewriting

hypernova/src/index.js

Lines 46 to 49 in a29f81b

	function toScript(attrs, data) {
	const dataAttributes = Object.keys(attrs).map(name => makeValidDataAttribute(name, attrs[name]));
	return `<script type="application/json" ${dataAttributes.join(' ')}>${LEFT}${encode(data)}${RIGHT}</script>`; // eslint-disable-line max-len
	}

in terms of DOM APIs instead of string interpolation? It's generally a bad pattern to construct HTML using string interpolation. Maybe in another PR:)

[richter-alex]

I agree, we can roll that into the next release as a quick win through another PR before putting it up.

[jamesism]

code LGTM