diff --git a/datasette/app.py b/datasette/app.py
index 15cfe90a..f56695ff 100644
--- a/datasette/app.py
+++ b/datasette/app.py
@@ -610,7 +610,8 @@ class Datasette:
             app,
             loader=FileSystemLoader([
                 str(app_root / 'datasette' / 'templates')
-            ])
+            ]),
+            autoescape=True,
         )
         self.jinja.add_env('escape_css_string', escape_css_string, 'filters')
         self.jinja.add_env('quote_plus', lambda u: urllib.parse.quote_plus(u), 'filters')