[CVE-2010-0432] Multiple fixes to the html form widget renderer to ensure that all output is encoded when necessary.