Convert everything to safe HTML

Summary: Sgrepped for `"=~/</"` and manually changed every HTML.

Test Plan: This doesn't work yet but it is hopefully one of the last diffs before Phabricator will be undoubtedly HTML safe.

Reviewers: epriestley

CC: aran, Korvin

Maniphest Tasks: T2432

Differential Revision: https://secure.phabricator.com/D4927

src/applications/phpast/controller/PhabricatorXHPASTViewFramesetController.php

@@ -14,12 +14,15 @@ final class PhabricatorXHPASTViewFramesetController
 
     $response = new AphrontWebpageResponse();
     $response->setFrameable(true);
-    $response->setContent(
-      '<frameset cols="33%, 34%, 33%">'.
-        '<frame src="/xhpast/input/'.$id.'/" />'.
-        '<frame src="/xhpast/tree/'.$id.'/" />'.
-        '<frame src="/xhpast/stream/'.$id.'/" />'.
-      '</frameset>');
+    $response->setContent(hsprintf(
+      '<frameset cols="33%%, 34%%, 33%%">'.
+        '<frame src="/xhpast/input/%s/" />'.
+        '<frame src="/xhpast/tree/%s/" />'.
+        '<frame src="/xhpast/stream/%s/" />'.
+      '</frameset>',
+      $id,
+      $id,
+      $id));
 
     return $response;
   }