Instead we html_escape the externalized string,
consistent with the HTML section in this doc