HTML Escape / Unescape

Escape and unescape HTML special characters and entities.

Your text is escaped and unescaped locally in your browser and nothing is uploaded to a server.

Escaping text for JSON instead? Try JSON Escape / Unescape.

About HTML Escape / Unescape

The HTML entities encoder escapes HTML-special characters and unescapes entities back into plain text directly in your browser. In Escape mode it converts the five special characters & < > " and ' into their safe entity forms (&amp;, &lt;, &gt;, &quot;, &#39;), so you can escape HTML online and display code, tags, or user input inside markup without breaking it. In Unescape mode this html escape and unescape tool decodes named entities like &lt; and &nbsp;, plus decimal (&#39;) and hexadecimal (&#x27;) numeric references, back to the original characters. It is built for front-end and back-end developers, technical writers, and QA engineers who handle templates, email HTML, or scraped pages. Everything is processed locally, so your snippets never leave your device and there is no tracking.

Features

• Escape mode converts & < > " and ' into HTML-safe entities
• Unescape mode decodes named entities such as &lt;, &gt;, &quot;, &apos; and &nbsp;
• Decodes decimal numeric entities like &#39; back to characters
• Decodes hexadecimal numeric entities like &#x27; back to characters
• Resolves &amp; last so already-escaped ampersands decode cleanly
• Switch between Escape and Unescape with a single toggle
• Live output updates as you type, with one-click copy
• Runs entirely in your browser with no tracking

How to use the HTML Escape / Unescape

1. Choose Escape to encode characters or Unescape to decode entities.
2. Paste your text or HTML into the input box.
3. Read the converted result in the output panel as you type.
4. Click Copy to grab the escaped or unescaped output.

Example

Input

<a href="x">Tom & Jerry's</a>

Output

<a href="x">Tom & Jerry's</a>

Escape mode turns markup and special characters into HTML-safe entities.

Common errors & troubleshooting

• Output still shows raw < and > after escaping seems off. — Confirm you are in Escape mode; Unescape mode does the reverse and turns entities back into characters.
• A named entity like &copy; or &mdash; does not decode. — Only &lt;, &gt;, &quot;, &apos; and &nbsp; are handled as named entities; use the numeric form such as &#169; or &#8212; instead.
• Double-encoded text shows &amp;lt; instead of <. — Run Unescape twice, since the text was escaped more than once and each pass decodes one layer.
• Expecting escaping to make untrusted HTML safe to render. — Escaping prevents markup injection for plain text, but always sanitise untrusted HTML with a dedicated sanitizer before rendering it.

Frequently asked questions

What is the HTML entities encoder and what does it escape?

The HTML entities encoder escapes the five HTML-special characters: & becomes &amp;, < becomes &lt;, > becomes &gt;, " becomes &quot;, and ' becomes &#39;.

How do I unescape HTML entities back to text?

Switch the HTML entities encoder to Unescape mode and paste your text; it decodes &lt;, &gt;, &quot;, &apos; and &nbsp;, plus decimal (&#39;) and hexadecimal (&#x27;) numeric references.

Does escaping HTML make user input safe to display?

Escaping prevents markup injection when you output text as content, but you should still sanitise untrusted HTML before rendering it as markup.

Can the HTML entities encoder handle numeric character references?

Yes. Unescape mode converts both decimal references like &#169; and hexadecimal references like &#xA9; back into their characters.

Why does &amp; decode after the other entities?

The HTML entities encoder resolves &amp; last so that already-escaped sequences like &amp;lt; unescape one layer at a time instead of collapsing incorrectly.

Is my text uploaded anywhere when I use the HTML entities encoder?

No. The HTML entities encoder processes everything locally in your browser, so your text never leaves your device and there is no tracking.

Related tools

• URL Encode / Decode — Encode and decode URL components.
• Base64 Encode / Decode — UTF-8 safe Base64 encoding and decoding.
• JSON Escape / Unescape — Escape text into a JSON string or unescape a JSON string back to raw text.
• URL Parser — Break a URL into its parts and list query parameters.
• HTML Formatter — Beautify or minify HTML, format inline CSS/JS, and preview the result.
• XML Formatter — Beautify, minify and validate XML, and convert XML ↔ JSON.
• Markdown Preview — Render Markdown to HTML with a live preview.
• Case Converter — Convert text between camelCase, snake_case, kebab-case, PascalCase and more.

All ArrayKit tools

• JSON Formatter
• JSON Tree Viewer
• JSON Viewer
• JSON to TypeScript
• JSON to CSV
• JSON Escape / Unescape
• Image to PDF
• PDF to Images
• Merge PDFs
• Split PDF
• Image Optimizer
• Rotate PDF
• Organize PDF
• Add Page Numbers
• Watermark PDF
• Crop PDF
• PDF to Text
• Compare PDFs
• Base64 Encode / Decode
• URL Encode / Decode
• HTML Escape / Unescape
• Number Base Converter
• QR Code Generator
• Unix Timestamp Converter
• UUID Generator
• Cron Explainer
• YAML ↔ JSON
• Markdown Preview
• Regex Tester
• CSS Color Converter
• Text Diff
• MDX Converter
• CSS / SCSS Formatter
• JS / TS Formatter
• HTML Formatter
• XML Formatter
• SQL Formatter
• GraphQL Formatter
• Dockerfile Formatter
• MongoDB Query Formatter
• JWT Decoder
• Hash Generator
• Password Generator
• cURL to Fetch
• URL Parser
• Case Converter
• Lorem Ipsum Generator
• Mock Data Generator
• CIDR / Subnet Calculator
• Chmod Calculator
• .gitignore Generator
• HTTP Status & MIME Types
• Contrast Checker
• JSON to Code
• TOTP / 2FA Generator
• Image Format Converter
• EXIF Viewer & Remover
• Mermaid Diagram Renderer
• SVG Optimizer
• JWT Signer
• Open Graph Generator
• IPv6 ↔ IPv4 Converter
• Compress PDF