Fix potential XSS vulnerability in break_long_headers template filter (encode#9435)

Author: Владислав Савченко

rest_framework/templatetags/rest_framework.py

@@ -318,5 +318,5 @@ def break_long_headers(header):
     when possible (are comma separated)
     """
     if len(header) > 160 and ',' in header:
-        header = mark_safe('<br> ' + ', <br>'.join(header.split(',')))
+        header = mark_safe('<br> ' + ', <br>'.join(escape(header).split(',')))
     return header