Fixed #24464 -- Made built-in HTML template filter functions escape their input by default.

This may cause some backwards compatibility issues, but may also
resolve security issues in third party projects that fail to heed warnings
in our documentation.

Thanks Markus Holtermann for help with tests and docs.