MantisBT: master 3363f907

Author: dhx
Committer: dhx
Branch: master
Timestamp: 2009-12-05 09:09
Parent: master 5763eb7e
Affected Issues: 0011260: Attribute/XSS injection in permalink_page.php
Changeset

Fix 0011260: Attribute injection/XSS in permalink_page.php

HTML attribute injection via:
permalink_page.php?url=%22%20style=%22display:none%22

This is a possible XSS issue, although <script> tags don't have any
direct effect. It's still possible to use CSS to do naughty things.

mod - permalink_page.php
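
The attribute injection described in the commit message, shown as an added PHP example. It is not MantisBT code, since the diff is not reproduced on this page. The function names and the link markup are assumptions; only the query string value comes from the commit message, where %22 is a URL-encoded double quote.

```php
<?php
// Added illustration, not MantisBT code. Function names and markup are hypothetical.

// Before: the request value goes into a double-quoted attribute unencoded,
// so a double quote inside the value ends the attribute early.
function render_permalink_unescaped(string $url): string {
    return '<a href="' . $url . '">' . $url . '</a>';
}

// After: encode for HTML output. ENT_QUOTES turns " and ' into entities,
// so the value cannot leave the attribute it was written into.
function render_permalink_escaped(string $url): string {
    $safe = htmlspecialchars($url, ENT_QUOTES, 'UTF-8');
    return '<a href="' . $safe . '">' . $safe . '</a>';
}

// Attribute names found in the opening tag. This is a simplified scanner that
// is only meant for the constructed markup above, not a general HTML parser.
function opening_tag_attributes(string $html): array {
    $open_tag = strstr($html, '>', true);
    preg_match_all('/\s+([a-z-]+)="[^"]*"/i', $open_tag, $m);
    return $m[1];
}

// Query value from the commit message, decoded the way PHP fills $_GET['url'].
$url = urldecode('%22%20style=%22display:none%22');

$outputs = [
    'unescaped' => render_permalink_unescaped($url),
    'escaped'   => render_permalink_escaped($url),
];

foreach ($outputs as $label => $html) {
    // The template only ever writes href; any other name came from the request.
    $extra = array_diff(opening_tag_attributes($html), ['href']);
    printf("%s\n  markup: %s\n  attributes not written by the template: %s\n",
        $label, $html, $extra ? implode(', ', $extra) : '(none)');
}
```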