fix: double escaping of data-calurl prevent use. data-calurl escaped the '&'s replacing them with the entity code. Then the value was processed again by cgi_escape_attrs double escaping the value making it unusable if passed to help_window().