The idea is to prevent double escaping in s() and mustache.escape() by using numeric html entities to sanitise result of format_string(), get_string() and similar.