Home » Documentation » Filters » randomize replace_args pprint match to_json filesizeformat if menu_trail reversed without_embedded_media show_media is_visible is_a replace random chunk twitter rand escape_ical force_escape utc is_undefined add_year add_month add_week sub_year sub_week sub_month sub_day add_day element in_past in_future truncate vsplit_in timesince yesno urlencode upper tail rjust nthtail member make_list lower ljust group_by linebreaksbr length_is length last join slugify stringify striptags split_in is_defined default_if_undefined default_if_none default format_price format_number format_integer escape unescape fix_ampersands first escapexml escapejs date date_range center capfirst ne_day eq_day insert append

escape

HTML escape a text.

Escapes reserved HTML characters in the value.  Escaped strings are safe to be displayed in a HTML page.  When you echo a query string argument or path variable then you must escape the value before displaying it on a HTML page.

The following characters are replaced:

Character	Replacement
<	&lt;
>	&gt;
" (double quote)	&quot;
&	&amp;
' (single quote)	&#039;

The escaping is only applied when the string is output, so it does not matter where in a chained sequence of filters you put escape: it will always be applied as though it were the last filter. If you want escaping to be applied immediately, use the force_escape filter.

For example:

{{ value|escape }}

When the value is “<hel&lo>” then the output is “&lt;hel&amp;lo&gt;”.