What is HTML escaping?

HTML escaping converts special characters like & into HTML entities (< > &) so they display as text instead of being interpreted as HTML code.

When should I escape HTML?

Escape HTML when displaying user input on websites to prevent XSS attacks, or when you want special characters to appear as text rather than code.

What does unescape do?

Unescape converts HTML entities back to their original characters. For example, < becomes < and & becomes &.

Which characters are escaped?

The tool escapes: (greater than), & (ampersand), " (double quote), and ' (single quote).

Is this tool safe for sensitive content?

Yes, all processing happens in your browser. No data is sent to any server.

HTML Escape / Unescape

Convert special characters to HTML entities and back. Essential for web development, preventing XSS attacks, and displaying code safely.

Escape mode: Converts <, >, &, ", ' to HTML entities

Input Text

0 characters · 1 lines

Escaped Output

0 characters · 1 lines

HTML Entities Explained

HTML entities are special codes that represent characters with special meaning in HTML. For example, the less-than symbol < starts an HTML tag, so to display it as text, you must use the entity <. This prevents the browser from interpreting it as code and ensures security against XSS (cross-site scripting) attacks.

Common use cases include displaying code snippets on web pages, sanitizing user input in forms, and preparing text for XML or HTML documents. Developers use HTML escaping to prevent malicious code injection, while unescaping is useful when processing data from APIs or databases that store pre-escaped content.

HTML Escape / Unescape

HTML Entities Explained

Frequently Asked Questions

Related Tools

Remove HTML Tags

CSV Safe

Find & Replace