
SEC-967: TextUtils.java does not escape ampersand character
http://jira.springframework.org/browse/SEC-967. Added escaping of '&' character

Luke Taylor, 17 years ago
Parent
Current commit
4e2d6f8b2e
1 file changed, with 2 insertions and 0 deletions

+ 2 - 0
core/src/main/java/org/springframework/security/util/TextUtils.java

@@ -26,6 +26,8 @@ public abstract class TextUtils {
                 sb.append(""");
             } else if (c == '\'') {
                 sb.append("'");
+            } else if (c == '&') {
+                sb.append("&");
             } else {
                 sb.append(c);
             }
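
Review bot: the new `c == '&'` branch changes what the method returns for input that is already escaped, and nothing in this commit documents or tests that. Because each character is handled independently, a caller that passes pre-escaped text such as `&lt;` will now get `&amp;lt;` back. A Javadoc line stating that the method expects raw, unescaped text, plus a unit test covering a bare `&` and an already-escaped entity, would pin the behaviour down (the commit changes only TextUtils.java). This page also renders the appended literals entity-decoded (`sb.append("&")`), so confirm in the source file that the branch appends the five-character entity `&amp;` rather than a bare `&`.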