Escape / Unescape HTML
Convert special characters to HTML entities (escape) or convert entities back to characters (unescape).
| Character | Entity | Name |
|---|---|---|
| `<` | `&lt;` | Less than |
| `>` | `&gt;` | Greater than |
| `&` | `&amp;` | Ampersand |
| `"` | `&quot;` | Double quote |
| `'` | `&#39;` | Single quote / Apostrophe |
Free HTML Escape and Unescape Tool
The SmarterSources Escape/Unescape HTML tool helps developers safely encode and decode HTML special characters. Escaping HTML converts characters like <, >, &, and quotes into their HTML entity equivalents, preventing browsers from interpreting them as markup and protecting against XSS vulnerabilities.
When to Escape HTML
You should escape HTML whenever you display user-generated content on a web page. This prevents malicious code injection (XSS attacks) and ensures that text containing HTML characters displays correctly instead of being rendered as HTML elements.
When to Unescape HTML
Unescape HTML when you need to convert entities back to their original characters for editing, processing, or display in a non-HTML context. This is common when working with data from APIs, databases, or content management systems that store escaped content.
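An added example (not the SmarterSources tool's own code) of escaping and unescaping the five characters in the table, assuming `&#39;` as the single-quote entity; the function names and sample string are illustrative. It shows why each direction should be a single pass: chained replacements that decode `&amp;` first will decode the same input twice.

```javascript
// Added example: the five-character mapping from the table above.
// Assumption: "&#39;" is used for the single quote; "&apos;" and other
// numeric forms are not handled here.
const ESCAPE_MAP = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
const UNESCAPE_MAP = { "&amp;": "&", "&lt;": "<", "&gt;": ">", "&quot;": '"', "&#39;": "'" };

// Single pass: each source character is replaced exactly once, so the "&"
// that "&lt;" introduces is never escaped a second time.
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => ESCAPE_MAP[ch]);
}

// Single pass for the same reason: "&amp;lt;" decodes to the text "&lt;",
// not to "<".
function unescapeHtml(text) {
  return String(text).replace(/&(?:amp|lt|gt|quot|#39);/g, (ent) => UNESCAPE_MAP[ent]);
}

// Deliberately broken variant for comparison: decoding "&amp;" first lets
// the later replace() calls decode the result again (double decoding).
function unescapeHtmlChained(text) {
  return String(text)
    .replace(/&amp;/g, "&")
    .replace(/&lt;/g, "<")
    .replace(/&gt;/g, ">")
    .replace(/&quot;/g, '"')
    .replace(/&#39;/g, "'");
}

// Constructed sample input (not from the page); it contains all five characters.
const sample = `<a href="x" title='y'>Tom & Jerry</a>`;
const escaped = escapeHtml(sample);
console.log(escaped);
console.log(unescapeHtml(escaped) === sample);          // round trip is lossless
console.log(unescapeHtml("&amp;lt;b&amp;gt;"));         // stays text: &lt;b&gt;
console.log(unescapeHtmlChained("&amp;lt;b&amp;gt;"));  // becomes markup: <b>
```

Escaping these five characters covers HTML text and quoted attribute values. Values placed inside script blocks, URLs or unquoted attributes need the encoding for that context instead.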
Frequently Asked Questions
What does escaping HTML mean?
It means replacing special characters with HTML entities so they display as text rather than being interpreted as HTML. For example, `<` becomes `&lt;` so the browser shows a literal less-than sign instead of starting a tag.
Why is HTML escaping important for security?
Without escaping, attackers can inject malicious scripts through user input (XSS attacks). Escaping ensures that any HTML or JavaScript in user input is treated as plain text, not executable code.
Is my data safe?
Yes. This tool runs entirely in your browser. No data is sent to any server and nothing is stored.