DevToolsForYou
Private by defaultRuns in your browser

HTML escape / unescape

Convert special characters into safe HTML entities or decode existing entities back into readable text in a simple browser-based workspace.

Quick samplesUseful for testing
Related toolsAll Encoding & security

Base64 Encoder and Decoder

Encode text to Base64 or decode Base64 back into readable text with Unicode-safe support.

URL Encoder and Decoder

Encode or decode URLs, query strings, and parameter values for safe transport across the web.

JWT Encoder and Decoder

Decode JWTs and generate signed or unsigned tokens in the browser.

Hash Generator

Generate MD5, SHA-1, SHA-256, and SHA-512 hashes from text input.

Binary / Hex / Octal Converter

Convert numbers between binary, octal, decimal, and hexadecimal instantly — see all four bases at once.

Password Generator

Generate secure random passwords with configurable length, character sets, and a built-in strength indicator.

Password Strength Checker

Check password strength with entropy calculation, character composition analysis, and estimated crack times at different attack speeds.

HTTP Request Builder

Build, send, and inspect HTTP requests with custom headers, query params, and body — all in your browser.

HTTP Request Replay

Paste a curl command or raw HTTP request, edit any field, and replay it instantly. Supports all common curl flags, multi-line commands, and raw HTTP request format.

cURL to Code Converter

Convert any curl command into runnable code in JavaScript, Python, PHP, Go, Ruby, or Java — no signup required, all processing in the browser.

Base64 File Encoder / Decoder

Encode any file or text to Base64, or decode Base64 back to its original form. Supports images, PDFs, certificates, and any binary file — fully in-browser.

JWT Expiry Visual Timeline

Paste a JWT and see its lifecycle on a visual timeline — issued, not-before, expiry, and current time. All claims decoded inline, status shown at a glance.

HTML Escape/Unescape

About this tool

Escape HTML special characters to entities (< & "), or unescape entities back to readable text. Runs in your browser — no signup, no install.

Convert special characters into safe HTML entities or decode existing entities back into readable text in a simple browser-based workspace.

No signup requiredRuns in your browserInstant results
How to use
  1. 1

    Paste your text or HTML into the input field.

  2. 2

    Select Escape to convert special characters to HTML entities, or Unescape to convert entities back to characters.

  3. 3

    The result appears instantly — safe to paste into HTML attributes or templates.

  4. 4

    Click Copy to copy the output.

Why use this tool?

  • Escape snippets before rendering user content inside templates or docs.

  • Decode copied entity strings back into readable HTML or text.

  • Review how markup-safe content should look before publishing or embedding.

ExamplesInput → output

Escape HTML special characters

Input<script>alert('xss')</script>
Output&lt;script&gt;alert(&#39;xss&#39;)&lt;/script&gt;

Escape an attribute value

InputSay "hello" & goodbye
OutputSay &quot;hello&quot; &amp; goodbye

Unescape HTML entities

Input&lt;h1&gt;Hello &amp; World&lt;/h1&gt;
Output<h1>Hello & World</h1>
Frequently asked questionsCommon questions answered

These answers explain common html escape/unescape tasks, expected input formats, and edge cases so both visitors and search engines can understand what this tool does.

What does HTML escaping do?

HTML escaping converts characters like <, >, &, quotes, and apostrophes into entity form so they render as text instead of being interpreted as markup.

When should I unescape HTML entities?

Unescape when you have copied encoded content such as &lt;div&gt; or &amp; and you want to inspect the readable text or markup it represents.

Does HTML escaping make content fully secure?

It helps render text safely in HTML contexts, but full security still depends on the exact output context, templating system, and application behavior.

Can I use this tool for code snippets in docs or blogs?

Yes. It is useful for converting markup-heavy snippets into entity form so they display correctly inside documentation, CMS editors, and tutorials.

Code examplesUse this tool in your code

In browsers, create a temporary DOM element to escape HTML reliably. In Node.js, use a library like he or escape manually.

JavaScript / Node.jsBrowser
// Escape using a temporary DOM element (most reliable in browsers)
function escapeHtml(str) {
  const div = document.createElement("div");
  div.appendChild(document.createTextNode(str));
  return div.innerHTML;
}

function unescapeHtml(str) {
  const div = document.createElement("div");
  div.innerHTML = str;
  return div.textContent ?? "";
}

const raw = '<script>alert("xss")</script> & "quotes"';
console.log(escapeHtml(raw));
// &lt;script&gt;alert("xss")&lt;/script&gt; &amp; "quotes"
See full JavaScript / Node.js examples →
Use html escape/unescape in:JavaScript / Node.jsPythonGoJavaPHPRubyRustC# / .NET
Related cheatsheetsAll cheatsheets →

HTML Entities Cheatsheet

A quick reference for HTML character entities — essential escapes, symbols, currency signs, arrows, and special typographic characters.

View cheatsheet →
Related guidesAll guides →

How HTML Escaping Works

A practical guide to HTML escaping — why it matters for security, which characters to escape, when to use it, and how XSS happens when you skip it.

Read guide →