HTML escapde generated c before formatting (fixes carlosperate#50).

Author: carlosperate

ardublockly/ardublockly.js

@@ -626,11 +626,15 @@ Ardublockly.renderContent = function() {
     var diff = JsDiff.diffWords(Ardublockly.PREV_ARDUINO_CODE_, arduinoCode);
     var resultStringArray = [];
     for (var i = 0; i < diff.length; i++) {
-      if (diff[i].added) {
-        resultStringArray.push(
-            '<span class="code_highlight_new">' + diff[i].value + '</span>');
-      } else if (!diff[i].removed) {
-        resultStringArray.push(diff[i].value);
+      if (!diff[i].removed) {
+        var escapedCode = diff[i].value.replace(/</g, "&lt;")
+                                       .replace(/>/g, "&gt;");
+        if (diff[i].added) {
+          resultStringArray.push(
+              '<span class="code_highlight_new">' + escapedCode + '</span>');
+        } else {
+          resultStringArray.push(escapedCode);
+        }
       }
     }
     document.getElementById('content_arduino').innerHTML =