Fixed XSS vulnerabilities for the Branch field and uploaded file captions. (CVE-2013-4519)

It was possible to construct captions for uploaded files and construct a Branch field where the content would be interpreted as HTML.

Thanks to Frederik Braun at Mozilla for reporting this.