fix: double escaping of data-calurl prevent use.

data-calurl escaped the '&'s replacing them with the entity code.
Then the value was processed again by cgi_escape_attrs double escaping
the value making it unusable if passed to help_window().

Author: rouilj

roundup/cgi/templating.py

@@ -2438,7 +2438,7 @@ def popcal(self, width=300, height=200, label="(cal)",
             date = ""
 
         data_attr = {
-            "data-calurl": '%s?@template=calendar&property=%s&form=%s%s' % (
+            "data-calurl": '%s?@template=calendar&property=%s&form=%s%s' % (
                 self._classname, self._name, form, date),
             "data-width": width,
             "data-height": height