escapeHtml
Escapes characters that are unsafe inside HTML text content or attribute values.
The & replacement must run first to prevent any subsequent replacement from producing an entity that then gets double-escaped (e.g. < → < → &lt;).
Characters escaped:
&→&<→<>→>"→"'→'