diff --git a/src/Extension/EscaperExtension.php b/src/Extension/EscaperExtension.php
index 19dfd7d100d..0b7dc26f97b 100644
--- a/src/Extension/EscaperExtension.php
+++ b/src/Extension/EscaperExtension.php
@@ -332,7 +332,7 @@ function twig_escape_filter(Environment $env, $string, $strategy = 'html', $char
 throw new RuntimeError('The string to escape is not a valid UTF-8 string.');
 }
- $string = preg_replace_callback('#[^a-zA-Z0-9,\.\-_]#Su', function ($matches) {
+ $string = preg_replace_callback('#[^a-zA-Z0-9,\.\-_:]#Su', function ($matches) {
 /**
 * This function is adapted from code coming from Zend Framework.
 *
diff --git a/tests/Extension/EscaperTest.php b/tests/Extension/EscaperTest.php
index 9804feaa5c7..600c7200089 100644
--- a/tests/Extension/EscaperTest.php
+++ b/tests/Extension/EscaperTest.php
@@ -40,6 +40,7 @@ class Twig_Tests_Extension_EscaperTest extends TestCase
 '.' => '.',
 '-' => '-',
 '_' => '_',
+ ':' => ':',
 /* Basic alnums excluded */
 'a' => 'a',
 'A' => 'A',
@@ -314,7 +315,7 @@ public function testJavascriptEscapingEscapesOwaspRecommendedRanges()
 public function testHtmlAttributeEscapingEscapesOwaspRecommendedRanges()
 {
 $twig = new Environment($this->createMock(LoaderInterface::class));
- $immune = [',', '.', '-', '_']; // Exceptions to escaping ranges
+ $immune = [',', '.', '-', '_', ':']; // Exceptions to escaping ranges
 for ($chr = 0; $chr < 0xFF; ++$chr) {
 if ($chr >= 0x30 && $chr <= 0x39
 || $chr >= 0x41 && $chr <= 0x5A
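Review bot: The widened character class `#[^a-zA-Z0-9,\.\-_:]#Su` in twig_escape_filter (src/Extension/EscaperExtension.php) has no comment saying why `:` joins the immune set, while the docblock just below still describes the callback as adapted from Zend Framework, whose list was presumably the old `,.-_`. A comment above the call would record the reasoning and the limit of the guarantee, for example `// ':' is immune too: it cannot terminate a quoted or unquoted attribute value. This strategy does not validate URL schemes; href/src values need their own scheme allow-list.` The same gap shows in tests/Extension/EscaperTest.php, where testHtmlAttributeEscapingEscapesOwaspRecommendedRanges keeps its name although `$immune` now holds one more character; its trailing comment could read `// Exceptions to escaping ranges (':' is a deliberate addition)`. The body of twig_escape_filter starts and ends outside the hunk, so any existing explanation elsewhere in the function is not visible here.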