DevToolsForYou

HTML Escape Tool in Go — Code Examples

HTML escaping converts special characters such as <, >, &, and " into their HTML entity equivalents (&lt;, &gt;, &amp;, &quot;) to prevent XSS attacks and ensure correct rendering. Here is how to escape and unescape HTML in Go.

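Go's html package provides EscapeString and UnescapeString. Both handle the five critical HTML characters; UnescapeString also decodes a larger range of named and numeric entities than EscapeString produces.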

Go
package main

import (
    "fmt"
    "html"
)

func main() {
    raw := `<script>alert("xss")</script> & "quotes"`

    // Escape
    escaped := html.EscapeString(raw)
    fmt.Println(escaped)
    // &lt;script&gt;alert(&#34;xss&#34;)&lt;/script&gt; &amp; &#34;quotes&#34;

    // Unescape
    unescaped := html.UnescapeString(escaped)
    fmt.Println(unescaped)
    // <script>alert("xss")</script> & "quotes"
}
Notes & gotchas
  • html.EscapeString escapes the five critical characters: <, >, &, ', and ". It uses numeric entities (&#34;) for quotes.
  • Go's html/template package auto-escapes content by default. template.HTML marks a string as already-safe markup and bypasses that escaping, so only use it to mark pre-escaped strings, never untrusted input.
  • For attribute values, use html.EscapeString; for URL values, use url.QueryEscape or url.PathEscape instead.
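
The notes above in one runnable program, added here as an example that is not part of the original page: the same untrusted value is rendered through html/template as a plain string and as template.HTML, and the link is then rebuilt by hand with html.EscapeString and url.QueryEscape. The template text, the helper names (render, renderTrusted, manualLink) and the sample inputs are constructed for illustration.

```go
package main

import (
	"fmt"
	"html"
	"html/template"
	"net/url"
	"strings"
)

// Constructed sample inputs standing in for untrusted user data.
const (
	userComment = `<script>alert("xss")</script>`
	userQuery   = `go & "html" escape`
)

// One template, three output contexts: element text, a quoted attribute,
// and a URL query parameter. html/template picks the escaper for each.
var page = template.Must(template.New("page").Parse(
	`<p>{{.Comment}}</p><a title="{{.Comment}}" href="/search?q={{.Query}}">link</a>`))

// render executes the template; a plain string comment is auto-escaped.
func render(comment interface{}, query string) string {
	var sb strings.Builder
	data := map[string]interface{}{"Comment": comment, "Query": query}
	if err := page.Execute(&sb, data); err != nil {
		panic(err)
	}
	return sb.String()
}

// renderTrusted wraps the comment in template.HTML, which switches escaping
// off for element text. Correct only for markup the program itself produced.
func renderTrusted(comment, query string) string {
	return render(template.HTML(comment), query)
}

// manualLink builds the anchor by hand with the escaper each context needs:
// html.EscapeString inside the quoted attribute, url.QueryEscape for the query.
func manualLink(title, query string) string {
	return `<a title="` + html.EscapeString(title) +
		`" href="/search?q=` + url.QueryEscape(query) + `">link</a>`
}

func main() {
	fmt.Println(render(userComment, userQuery))        // script tag neutralised
	fmt.Println(renderTrusted(userComment, userQuery)) // script tag emitted as-is
	fmt.Println(manualLink(userComment, userQuery))
}
```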
Try it in your browser

Need to escape or unescape HTML without writing code? The HTML Escape Tool runs entirely in your browser: paste your input and get the result instantly. No signup, no install, no data sent to a server.
