Output Sanitation
Your code is working correctly. If you look at the source code of the page, you will see: <script>alert('Test')</script> When the above text gets processed for display by your browser, it then becomes <script>alert(‘Test’)</script> which is what you want to be displayed.