Corrected HTML-escaping behaviour of url template tag.

Due to the URL encoding applied by the tag for all parameters that might be
partly controllable by an end-user, there are no XSS/security problems
caused by this bug, only invalid HTML.