Our definevar tag was relying on str being treated as unsafe strings,

but in the test suite that seems to no longer be the case for template

tags (though I'm not finding much in the documentation about this). This

change updates it to explicitly call escape instead of relying on the

type-checking deeper down.

Ran unit tests.