HTML Entity Escape / Unescape

Escape special characters to HTML entities (e.g. < to <) or unescape them back. Prevent XSS and format code for display.

Runs in your browser

Input

Output

How it works

A quick explanation of what this tool does, and when it's useful.

HTML escaping replaces "unsafe" characters with "HTML entities". This tells the browser to treat them as text content rather than code to be executed.

Common Developer Use Cases:

Displaying code snippets on a blog (so <div> shows up as text instead of creating a div).
Sanitizing user input before saving to a database or rendering.
Preventing Cross-Site Scripting (XSS) attacks.

Frequently asked questions

Short answers to common questions about html entity escape / unescape.

Why do I need to escape HTML?+

If you display user input directly on a webpage, a malicious user could inject Javascript (XSS). Escaping converts special characters like < and > into safe text representations.

What characters are escaped?+

The standard set includes: & (&), < (<), > (>), " ("), and ' (').

Related tools

All tools →

JWT Decoder (Debug Only)

Decode JSON Web Tokens (JWT) to inspect headers and payloads. Client-side only for security - no secret keys required.

Dev Utilities

UUID Generator (v4)

Generate secure, random UUIDs (Universally Unique Identifiers) version 4 locally in your browser. Bulk generation supported.

Dev Utilities