fast and safe way to escape and unescape &<>'" chars