Password generator page should htmlescape the resulting password

Original hw_tree.xml file has `&amp;` and similar. Replacing the password with one generated from your site and uploading the modified xml results in an "invalid config" error.
Once I htmlescape the ciphertext then the config is accepted by the router.