Navigation Block: Properly escape HTML in labels prior to insertion in JSON #724
Description
We allow defining HTML within a nav item's "label", but insert that string into JSON without escaping. This seemed to work until just recently.
Specifically what brought this up: the "Download" menu on any photo page for the Photo Directory stopped including the menu items in the menu. The submenu items are defined with HTML. In debugging, omitting the HTML from the label allowed the menu to display.
The label string should be properly escaped so it can be safely inserted within the HTML block comment.
