$escaped_string = escapeHTML("unescaped string");