Only encode dangerous dangerous characters

There is no need to encode all characters into HTML entities, only potential dangerous characters as &, ", ', < and > should get encoded.

This may fix issues like https://github.com/owncloud/calendar/pull/394