diff --git a/lib/response.js b/lib/response.js
index 8915660..c5a314d 100644
--- a/lib/response.js
+++ b/lib/response.js
@@ -4,6 +4,7 @@
  */
 
 var debug = require('debug')('koa:response');
+var escape = require('escape-html');
 var status = require('statuses');
 var http = require('http');
 var path = require('path');
@@ -448,19 +449,3 @@ module.exports = {
     }
   }
 };
-
-/**
- * Escape special characters in the given string of html.
- *
- * @param  {String} html
- * @return {String}
- * @api private
- */
-
-function escape(html) {
-  return String(html)
-    .replace(/&/g, '&amp;')
-    .replace(/"/g, '&quot;')
-    .replace(/</g, '&lt;')
-    .replace(/>/g, '&gt;');
-}
diff --git a/package.json b/package.json
index a53a33a..e20679a 100644
--- a/package.json
+++ b/package.json
@@ -21,6 +21,7 @@
   ],
   "license": "MIT",
   "dependencies": {
+    "escape-html": "~1.0.1",
     "statuses": "~1.0.1",
     "accepts": "~1.0.0",
     "type-is": "~1.0.0",