Backport from trunk r1303145: CVE-2012-1621: Ensure that collections (except for maps) are properly encoded for html when rendered using toString() e.g.