Fix XSS in access token display page

Fixes https://jira.coreos.com/browse/QS-81

templates/generatedtoken.html

@@ -4,23 +4,24 @@
     <link rel="stylesheet" href="//netdna.bootstrapcdn.com/font-awesome/4.0.3/css/font-awesome.css">
     <link rel="stylesheet" href="//netdna.bootstrapcdn.com/bootstrap/3.0.0/css/bootstrap.no-icons.min.css">
     <link href='//fonts.googleapis.com/css?family=Droid+Sans:400,700' rel='stylesheet' type='text/css'>
-  </head>
-  <body>
-    <div class="container" style="margin-top: 20px">
-      <img src="/static/img/quay-logo.png">
-      <h5>Access Token:
     <script type="text/javascript">
+      function setToken() {
         var hash = document.location.hash.substr(1);
         var pairs = hash.split('&');
         for (var i = 0; i < pairs.length; ++i) {
           var pair = pairs[i];
           var kv = pair.split('=');
           if (kv[0] == 'access_token') {
-              document.write(kv[1]);
+            document.getElementById('accesstoken').appendChild(document.createTextNode(kv[1]));
+          }
         }
       }
     </script>
-      </h5>
+  </head>
+  <body onload="setToken()">
+    <div class="container" style="margin-top: 20px">
+      <img src="/static/img/quay-logo.png">
+      <h5>Access Token: <span id="accesstoken"></span></h5>
     </div>
   </body>
 </html>