Html encode nodenames to prevent XSS attacks. Fixes U4-10497 XSS Vulnerability in page name.

(cherry picked from commit fe2b86b681)

src/Umbraco.Web.UI/umbraco/dialogs/Publish.aspx.cs

@@ -30,7 +30,7 @@ namespace Umbraco.Web.UI.Umbraco.Dialogs
             }
 
             DocumentId = doc.Id;
-            PageName = doc.Name;
+            PageName = Server.HtmlEncode(doc.Name);
             DocumentPath = doc.Path;
 
         }

src/Umbraco.Web/umbraco.presentation/umbraco/dialogs/notifications.aspx.cs

@@ -26,7 +26,7 @@ namespace umbraco.dialogs
         protected void Page_Load(object sender, EventArgs e)
         {
             Button1.Text = ui.Text("update");
-            pane_form.Text = ui.Text("notifications", "editNotifications", node.Text, base.getUser());
+            pane_form.Text = ui.Text("notifications", "editNotifications", Server.HtmlEncode(node.Text), base.getUser());
         }
 
         #region Web Form Designer generated code