Convert HTML characters to their respecive HTML entities, which renders them safe from HTML injection.
This will be useful for fixing strings that have been double-encoded or double-decoded, but in general it's not possible to determine if a string is in this state or not.