Fix for #278 missing html escaping for dot

It was possible to inject html markup in the label of a dot node.
This lead to the error observed in #278.

This fix is currently only for the label attribute.
Other attribute might be affected as well.

Author: raphaelahrens

pytm/pytm.py

@@ -1496,7 +1496,7 @@ def display_name(self):
         return self.name
 
     def _label(self):
-        return "\\n".join(wrap(self.display_name(), 18))
+        return "\\n".join(wrap(html.escape(self.display_name()), 18))
 
     def _shape(self):
         return "square"