WordPress has a baked in solution:
esc_html__( string $text, string $domain = 'default' )
You can use that to replace __() and __x() but the second one looks for contextual translations where you specify the context for the string being translated.
The codex for it is right here:
https://developer.wordpress.org/reference/functions/esc_html__/