WebToolsPlanet
Developer Tools

HTML Escape / Unescape

Escape special HTML characters to their entity equivalents or unescape entities back to readable characters — both directions on a single page.

Last updated: May 28, 2026

Client-Side Processing
Input Data Stays on Device
Instant Local Execution

Find this tool useful? Support the project to keep it free!

Buy me a coffee

What is HTML Escape / Unescape?

HTML escaping converts characters that have special meaning in HTML syntax — &, <, >, ", ' — into named entity codes (&amp;, &lt;, &gt;, &quot;, &#039;) so browsers render them as literal text rather than parsing them as markup.

HTML unescaping is the reverse: it converts those entity codes back to the original characters, useful when reading CMS exports, scraping web content, or debugging over-encoded template output.

How to Use HTML Escape / Unescape

1

Paste your text into the input field

2

Click "Escape" to convert special characters to HTML entities

3

Click "Unescape" to convert HTML entities back to their original characters

4

Copy the output with the copy button

Common Use Cases

  • Developers escaping user-input before inserting it into innerHTML to prevent XSS.
  • Backend engineers sanitising strings before embedding them in HTML email templates.
  • Technical writers escaping code examples so they render as text in HTML documentation.
  • Data engineers cleaning CMS exports that contain &amp;, &lt;, and &gt; in text fields.
  • QA testers verifying template engines correctly round-trip escape and unescape content.

Example Input and Output

Escaping a raw code snippet so it displays as literal text inside HTML documentation.

Raw text
<div class="box">Hello & "World"</div>
HTML-escaped output
&lt;div class=&quot;box&quot;&gt;Hello &amp; &quot;World&quot;&lt;/div&gt;

Context matters

HTML escaping is correct for HTML body and attribute contexts. For JavaScript string contexts use JSON / JavaScript string escaping; for URLs use percent-encoding.

Browser-side only

All escaping and unescaping runs locally in your browser.

Frequently Asked Questions

What characters are escaped?
& → &amp;, < → &lt;, > → &gt;, " → &quot;, ' → &#039;. These are the five characters with special meaning in HTML.
Is this the same as HTML Escape and HTML Unescape separately?
Yes — this page combines both directions for convenience. The dedicated HTML Escape and HTML Unescape pages provide the same functionality with intent-specific content and related-tool links.
Is HTML escaping enough to prevent XSS?
It prevents injection in HTML body and attribute contexts. JavaScript event handler attributes, CSS values, and URL parameters require context-specific escaping in addition.
Is my content processed on a server?
No. All processing runs in your browser.

Related Tools

HTML Unescape
Convert HTML entities back to readable characters. Handles &amp;, &lt;, &gt;, &quot; and &#039;.
HTML Entities to Text
Decode HTML entities (&amp;, &lt;, &#60;) back to plain readable text.
HTML Entity Encoder / Decoder
Convert special characters to HTML entities (& → &amp;) and decode them back — for safe, valid HTML.
XML Escape / Unescape
Escape special XML characters (&, <, >, ", ') to entities and unescape them back. Required for valid XML.
String Escape / Unescape
Escape or unescape strings for JSON, JavaScript, HTML, URL, CSV, and RegEx contexts — instantly.
301 Redirect Code Generator
Generate redirect code for Apache (.htaccess), Nginx, IIS (web.config), PHP, HTML meta refresh, and JavaScript. Supports 301, 302, 307, and 308 status codes.

Part of a Collection

Collection
Free Online HTML Tools
Clean, convert, and generate HTML in your browser