HTML Escape & Unescape

Encode HTML entities or decode them back — in one workspace

Input

Enter HTML to escape
0 characters

Settings

Named: < | Decimal: < | Hex: <

Output

HTML entities result
0 characters
About This Tool

This is the general-purpose HTML entity workspace — escape special characters like <, >, &, ", and ' into their entity equivalents, or decode entities like &amp;, &lt;, &#39;, and &#x27; back into plain text, switching direction with a single click. It's the right starting point when you're not sure yet which direction you need, or when you're going back and forth — for example, escaping a code sample to publish it, then later unescaping a CMS export to check what's actually stored. Prefer a dedicated page? The HTML Escape and HTML Unescape pages default straight into one direction with focused, direction-specific guidance.

How to Use

Choose Escape or Unescape using the tabs at the top. For Escape, paste raw text or HTML — entity-encoded output appears as you type, with a choice of named, decimal, or hexadecimal entity formats. For Unescape, paste entity-encoded text to recover the original characters, including mixed named and numeric entities. Toggle 'Keep Line Breaks' to control whether newlines are preserved, and use 'Encode All Characters' in Escape mode for maximum-compatibility output. When Escape mode is active, the tool watches for input that already looks entity-encoded and offers a one-click switch to Unescape.

Common Use Cases

Switching Mid-Task

Escape a code sample for safe publishing on a web page, then later paste a CMS export back in and switch to Unescape to verify what HTML was actually stored.

XSS Prevention Workflow

Escape user-generated input before display, then unescape stored values during a security audit to confirm no double-encoding crept in.

Template Debugging

Escape a snippet to see its literal HTML representation, or unescape a rendered template's output to check what tags were actually generated.

Data Pipeline Round-Trip

Escape HTML fragments before storing them in JSON or XML, then unescape them again when reading the data back out.

Limitations & Important Notes

HTML entity escaping is not a substitute for full HTML sanitization — it protects against characters being misinterpreted as markup, but does not remove dangerous attributes or scripts from HTML you don't control. All processing is client-side, so very large documents are limited by your browser's available memory. Double-escaping (running already-escaped text through Escape again) and double-unescaping (decoding already-plain text) are both technically harmless but can produce unexpected-looking output if applied by mistake — check your input's current state before choosing a direction.