d26a087dff59f4e4493e4ce2cf7d5b1ae145fdf3
galt
  Thu Aug 18 12:15:52 2016 -0700
adding back commits reverted earlier that got lost in the final merge. XSS fixes.

diff --git src/hg/lib/cart.c src/hg/lib/cart.c
index 2b43a38..0997d3f 100644
--- src/hg/lib/cart.c
+++ src/hg/lib/cart.c
@@ -1640,31 +1640,31 @@
 popAbortHandler();
 }
 
 void cartEarlyWarningHandler(char *format, va_list args)
 /* Write an error message so user can see it before page is really started. */
 {
 static boolean initted = FALSE;
 va_list argscp;
 va_copy(argscp, args);
 if (!initted)
     {
     htmStart(stdout, "Early Error");
     initted = TRUE;
     }
 printf("%s", htmlWarnStartPattern());
-htmlVaParagraph(format,args);
+htmlVaEncodeErrorText(format,args);
 printf("%s", htmlWarnEndPattern());
 
 /* write warning/error message to stderr so they get logged. */
 logCgiToStderr();
 vfprintf(stderr, format, argscp);
 va_end(argscp);
 putc('\n', stderr);
 fflush(stderr);
 }
 
 void cartWarnCatcher(void (*doMiddle)(struct cart *cart), struct cart *cart, WarnHandler warner)
 /* Wrap error and warning handlers around doMiddle. */
 {
 pushWarnHandler(warner);
 cartErrorCatcher(doMiddle, cart);