Special characters in literal values entered in the UI are not escaped

[tkuhn]

When I enter a string containing a quote character (") in the UI for a literal parameter, I would expect it to get escaped when the final SPARQL query is built. Instead, it seems that it is inserted without any checks and that an invalid SPARQL request is sent to the server, which then responds with "500 Internal Server Error".