XKCD mouseover text is not HTML encoded

[erikdesjardins]

Shows up here: https://noembed.com/embed?url=http%3A%2F%2Fxkcd.com%2F859%2F

The HTML produced (after parsing the JSON) is:

<img /="/" alt="(" src="https://noembed.com/i///imgs.xkcd.com/comics/(.png" title="Brains aside, I wonder how many poorly-written xkcd.com-parsing scripts will break on this title (or ;;"''{<<[' this mouseover text."">

Which results in the title attribute getting cut off by the raw quotes:

Brains aside, I wonder how many poorly-written xkcd.com-parsing scripts will break on this title (or ;;