--- /dev/null
+CREATE OR REPLACE FUNCTION escape_html(_unescaped text) RETURNS text
+ AS $_$
+DECLARE
+BEGIN
+ _unescaped := replace(_unescaped, '&', '&');
+ _unescaped := replace(_unescaped, '"', '"');
+ _unescaped := replace(_unescaped, '<', '<');
+ _unescaped := replace(_unescaped, '>', '>');
+ RETURN _unescaped;
+END;
+$_$
+ LANGUAGE plpgsql IMMUTABLE;
+
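Review bot: As shown here, each of the four `replace` calls in `escape_html` maps a character to itself (`'&', '&'`, `'"', '"'`, `'<', '<'`, `'>', '>'`), so the function would return its input unescaped. This is probably entity decoding by the page renderer, but the committed file should be checked to contain `'&amp;'`, `'&quot;'`, `'&lt;'` and `'&gt;'` as the replacement strings, with the `&` replacement kept first so later entities are not double-escaped. Separately, the single quote is not handled, so a value placed inside a single-quoted HTML attribute is not neutralised; adding `_unescaped := replace(_unescaped, '''', '&#39;');` after the `&` line would cover it. A header comment such as `-- Escapes text for HTML element content and quoted attribute values only; not sufficient for script, style or URL contexts.` would tell callers where the output is safe to use.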