protected static function noHTML(string $untrusted) : string { return \htmlentities($untrusted, ENT_QUOTES, 'UTF-8'); }