x => Object.assign(document.createElement('div'), { textContent: x }).innerHTML
True, you could also do it with
x => x.replace(/&/g, "&").replace(/</g, "<").replace(/>/g, ">").replace(/"/g, """).replace(/'/g, "'")
or similar, but if you do it the first way you don't have to remember the HTML entities 🙂