If we are going to include user input in our response, we have to make sure any HTML is escaped and can't be interpreted by the browser as HTML.
https://github.com/UChicagoWebDev/lab-3