HTML Unescape - Decode HTML Entities Online

Unescape HTML entities online. Convert &amp; &lt; &gt; &quot; &#39; back to &, <, >, ", '. Free, runs in your browser.

Input

Mode:

Output

What Is HTML Unescaping?

HTML unescaping converts HTML entity sequences back into their original characters. When HTML-escaped text is stored in a database, an API response, or a CMS, the entities (&amp;, &lt;, &gt;, &quot;, &#39;) need to be decoded to read the plain text.

This tool starts in Unescape mode. Switch to Escape mode to convert special characters into HTML entities. Everything runs in your browser.

How to Use This Tool

1

Mode is Set to Unescape

This tool starts in Unescape mode. Switch to Escape if you need to convert characters to entities instead.

2

Paste or Upload Text

Paste your text or HTML into the left editor, or use Upload to load a file. Click Sample to try an example.

3

Copy or Download Result

The right panel updates automatically. Use <strong>Copy</strong> or <strong>Download</strong> to save the result. To format HTML, try the HTML Formatter tool.

HTML Escape Examples

Escaping converts special characters to HTML entities so they render as text:

Raw input (with special characters)

Input

Escaped output (HTML entities)

Output

When HTML Escaping Matters

When you display user-provided content in HTML, you must escape it first to prevent Cross-Site Scripting (XSS) attacks. An attacker could inject <script> tags or event handlers that execute arbitrary JavaScript. Escaping renders those characters harmless as text.

Escaping is the reverse operation: it converts plain characters to HTML entities to prevent XSS. See the HTML Escape tool.

Frequently Asked Questions

What characters are escaped?

The five standard HTML entities: &&amp;, <&lt;, >&gt;, "&quot;, '&#39;.

Is this the same as URL encoding?

No. HTML escaping uses named/numeric entities (&amp;, &lt;) for HTML contexts. URL encoding uses percent-encoding (%26, %3C) for URLs.

Why does & need to be escaped first?

Because & starts all HTML entities. If you escaped < first to &lt;, then tried to escape &, you'd get &amp;lt;. Always escape & first.

Is my data sent to a server?

No. All processing runs in your browser.

Can I escape a full HTML document?

Yes. Paste the entire HTML and the tool will escape all special characters. This is useful when you want to display HTML source code inside a web page.

Related Tools

HTML Unescape HTML Formatter JSON Escape HTML Minifier XML Escape

The HTML Living Standard defines character references. MDN on HTML entities. The OWASP XSS guide explains why escaping matters for security.