HTML Escape / Unescape
Escape and unescape HTML special characters and entities.
Your text is escaped and unescaped locally in your browser and nothing is uploaded to a server.
Escaping text for JSON instead? Try JSON Escape / Unescape.
About HTML Escape / Unescape
The HTML entities encoder escapes HTML-special characters and unescapes entities back into plain text directly in your browser. In Escape mode it converts the five special characters & < > " and ' into their safe entity forms (&, <, >, ", '), so you can escape HTML online and display code, tags, or user input inside markup without breaking it. In Unescape mode this html escape and unescape tool decodes named entities like < and , plus decimal (') and hexadecimal (') numeric references, back to the original characters. It is built for front-end and back-end developers, technical writers, and QA engineers who handle templates, email HTML, or scraped pages. Everything is processed locally, so your snippets never leave your device.
Features
- Escape mode converts & < > " and ' into HTML-safe entities
- Unescape mode decodes named entities such as <, >, ", ' and
- Decodes decimal numeric entities like ' back to characters
- Decodes hexadecimal numeric entities like ' back to characters
- Resolves & last so already-escaped ampersands decode cleanly
- Switch between Escape and Unescape with a single toggle
- Live output updates as you type, with one-click copy
- Runs entirely in your browser
How to use the HTML Escape / Unescape
- Choose Escape to encode characters or Unescape to decode entities.
- Paste your text or HTML into the input box.
- Read the converted result in the output panel as you type.
- Click Copy to grab the escaped or unescaped output.
Example
Input
<a href="x">Tom & Jerry's</a>
Output
<a href="x">Tom & Jerry's</a>
Escape mode turns markup and special characters into HTML-safe entities.
Common errors & troubleshooting
- Output still shows raw < and > after escaping seems off. — Confirm you are in Escape mode; Unescape mode does the reverse and turns entities back into characters.
- A named entity like © or — does not decode. — Only <, >, ", ' and are handled as named entities; use the numeric form such as © or — instead.
- Double-encoded text shows &lt; instead of <. — Run Unescape twice, since the text was escaped more than once and each pass decodes one layer.
- Expecting escaping to make untrusted HTML safe to render. — Escaping prevents markup injection for plain text, but always sanitise untrusted HTML with a dedicated sanitizer before rendering it.
Frequently asked questions
- What is the HTML entities encoder and what does it escape?
- The HTML entities encoder escapes the five HTML-special characters: & becomes &, < becomes <, > becomes >, " becomes ", and ' becomes '.
- How do I unescape HTML entities back to text?
- Switch the HTML entities encoder to Unescape mode and paste your text; it decodes <, >, ", ' and , plus decimal (') and hexadecimal (') numeric references.
- Does escaping HTML make user input safe to display?
- Escaping prevents markup injection when you output text as content, but you should still sanitise untrusted HTML before rendering it as markup.
- Can the HTML entities encoder handle numeric character references?
- Yes. Unescape mode converts both decimal references like © and hexadecimal references like © back into their characters.
- Why does & decode after the other entities?
- The HTML entities encoder resolves & last so that already-escaped sequences like &lt; unescape one layer at a time instead of collapsing incorrectly.
- Is my text uploaded anywhere when I use the HTML entities encoder?
- No. The HTML entities encoder processes everything locally in your browser, so your text never leaves your device.
Related tools
All ArrayKit tools