Add extra sanitisation to html_title()

This is required just in case html_title() is called with a page title
that contains a string/value that could contain unsafe characters that
could trigger an XSS bug.