diff --git a/src/auth/csrf.rs b/src/auth/csrf.rs
index 55a6cd3..c7beb59 100644
--- a/src/auth/csrf.rs
+++ b/src/auth/csrf.rs
@@ -15,7 +15,7 @@ impl CSRF for User {
     ///
     /// This is useful for htmx requests to update the CSRF token in place.
     async fn update_csrf(&self) -> PreEscaped<String> {
-        html! { script { (format!("document.querySelectorAll('.csrf').forEach(element => {{ element.value = '{}'; }});", self.get_csrf().await)) }; }
+        html! { script { (PreEscaped(format!("document.querySelectorAll('.csrf').forEach(element => {{ element.value = '{}'; }});", self.get_csrf().await))) }; }
     }
 
     /// Get CSRF Token for the current session