How do I html-escape dangerous unsanitized input in jinja2?

e.g.

{{ user.username|e }}

Pipe it through the |e filter

Jinja: Template Designer Documentation -> HTML Escaping