fixin' an xss vulnerability in query_name widget.

lib/widget/controls/query_name.rb

@@ -18,7 +18,7 @@ class Widget::Controls::QueryName < Widget::Controls
       options["data-is_public"] = @subject.public?
       options["data-is_new"] = @subject.new_record?
     end
-    write(content_tag(:span, name, options) + icon.to_s)
+    write(content_tag(:span, h(name), options) + icon.to_s)
   end
 
   def translations