What is HTML escaping?

Converting special chars ( , &, ", ') to entities (<, >, &, etc.) for safe display.

Cross-Site Scripting. Attack that injects malicious scripts. Escape user input before embedding in HTML.

Which chars need escaping?

Five: , &, ", '. Convert to <, >, &, ", '. " and ' critical in attributes.

HTML escape vs URL encode?

HTML escape: < → < (for display). URL encode: space → %20 (for URLs). Different purposes; sometimes both needed.

Tools

FPS Calculator
Unity Screen/World
Color Converter
JSON Formatter
Base64
Unix Timestamp
px / rem
URL Encode
Regex Tester
JWT Decode
Hash Generator
UUID Generator
Color Contrast
CSS Gradient
CSS box-shadow
QR Code
Markdown Formatter
Text Diff
HTML Escape
Lorem Ipsum
Password Generator
Case Converter
YAML ↔ JSON
Fluid Typography
Aspect Ratio
Golden Ratio
Silver Ratio
CSS Grid
Glassmorphism
Line-height
RGBA ↔ HEX
Tailwind Color
JSON to CSV
Markdown Table
Minify
Character Count
Remove Duplicates
OGP Preview
Favicon Generator
.htaccess Generator
robots.txt Generator
SSL Certificate Check
DNS Record Check
User-Agent Display
Bug Report Support
Image Compress / WebP
SQL Formatter
Image Color Picker
LLM Token Counter
Dummy Image Generator
Image Resize
Escape Sequence
.env Formatter
Color Name Search
MD5 Hash
Lua Formatter

View all tools →

HTML Escape/Unescape

Escape and unescape HTML special chars. XSS prevention, text display.

▶About this tool

This tool escapes and unescapes HTML special chars in one click. Three features: 1) Escape to < > & etc., unescape to restore, 2) XSS prevention and safe user input display, 3) All processing in browser—no data sent to server.

Input

Output

Usage

Enter text in the input field
Click Escape for entity refs or Unescape to restore
Use for XSS prevention when displaying user input safely

When to use

XSS prevention when displaying user input, escaping HTML in JSON, template output check.

Tools

Tool interface

Usage

When to use

Examples