Fix XSS hole in inline comment editing

Summary:
Thanks to erling for the report. This was XSSable, although you could
only get yourself.

Test Plan:
Made a comment like "</textarea><h1>" and edited it before and after
the patch. Proper behavior with this patch.

Reviewed By: aran
Reviewers: erling, jungejason, tuomaspelkonen, aran
CC: aran
Differential Revision: 187

src/applications/differential/controller/inlinecommentedit/DifferentialInlineCommentEditController.php

@@ -188,7 +188,7 @@ class DifferentialInlineCommentEditController extends DifferentialController {
         'class' => 'differential-inline-comment-edit-textarea',
         'name' => 'text',
       ),
-      $text);
+      phutil_escape_html($text));
   }
 
 }