Fix XSS hole in inline comment editing

Summary:
Thanks to erling for the report. This was XSSable, although you could
only get yourself.

Test Plan:
Made a comment like "</textarea><h1>" and edited it before and after
the patch. Proper behavior with this patch.

Reviewed By: aran
Reviewers: erling, jungejason, tuomaspelkonen, aran
CC: aran
Differential Revision: 187