HTML Escape / Unescape - Encode HTML Entities Online

Escape and unescape HTML entities online. Convert &, <, >, ", ' to &amp; &lt; &gt; &quot; &#39; and back. Free, runs in your browser.

Input

Mode:

Output

What Is HTML Escaping?

HTML escaping converts special characters into their HTML entity equivalents so they are displayed as text rather than interpreted as HTML markup. The five characters that must always be escaped are: &&amp;, <&lt;, >&gt;, "&quot;, and '&#39;.

This tool has two modes: Escape and Unescape. Both run entirely in your browser; no data is sent to a server.

How to Use This Tool

1

Choose Mode

Select Escape to convert special characters to HTML entities, or Unescape to convert entities back to their original characters.

2

Paste or Upload Text

Paste your text or HTML into the left editor, or use Upload to load a file. Click Sample to try an example.

3

Copy or Download Result

The right panel updates automatically. Use <strong>Copy</strong> or <strong>Download</strong> to save the result. To format HTML, try the HTML Formatter tool.

HTML Escape Examples

Escaping converts special characters to HTML entities so they render as text:

Raw input (with special characters)

Input

Escaped output (HTML entities)

Output

When HTML Escaping Matters

When you display user-provided content in HTML, you must escape it first to prevent Cross-Site Scripting (XSS) attacks. An attacker could inject <script> tags or event handlers that execute arbitrary JavaScript. Escaping renders those characters harmless as text.

Unescaping is useful when you receive HTML-escaped content (e.g. from a database or API) and want to display or process the original text. See also HTML Unescape which starts in Unescape mode.

Frequently Asked Questions

What characters are escaped?

The five standard HTML entities: &&amp;, <&lt;, >&gt;, "&quot;, '&#39;.

Is this the same as URL encoding?

No. HTML escaping uses named/numeric entities (&amp;, &lt;) for HTML contexts. URL encoding uses percent-encoding (%26, %3C) for URLs.

Why does & need to be escaped first?

Because & starts all HTML entities. If you escaped < first to &lt;, then tried to escape &, you'd get &amp;lt;. Always escape & first.

Is my data sent to a server?

No. All processing runs in your browser.

Can I escape a full HTML document?

Yes. Paste the entire HTML and the tool will escape all special characters. This is useful when you want to display HTML source code inside a web page.

Related Tools

HTML Unescape HTML Formatter JSON Escape HTML Minifier XML Escape

The HTML Living Standard defines character references. MDN on HTML entities. The OWASP XSS guide explains why escaping matters for security.