Back to Developer Tools

HTML Escape & Unescape Tool – Security Focused & Free

Convert HTML special characters to entities and back for secure web content

Enter HTML or text
HTML entities or plain text

Quick Guide: Using This Tool

Paste your HTML or text in the left box, click Escape to make it safe for web display, or Unescape to convert entities back. It's that simple.

Escape when you need to safely display user content on a webpage
Unescape when you have stored escaped content and need the original HTML
Copy the result directly to your clipboard for immediate use

HTML escaping isn't magic—it's just a smart substitution that changes dangerous characters into safe codes. Think of it like writing a note about fire: "This paper is &lt;flammable&gt;" instead of "This paper is <flammable>". The browser reads the entities but doesn't act on them.

The Core Five Characters

These are the characters that cause real trouble in HTML:

Ampersand & → &amp;

The escape character itself needs escaping first

Less than < → &lt;

Starts HTML tags and scripts

Greater than > → &gt;

Closes HTML tags and scripts

Quote " → &quot;

Used in HTML attributes

Apostrophe ' → &#039;

Alternative for attribute values

The Order Matters

You can't escape characters randomly. The ampersand must be escaped first—otherwise, you'd create broken entities. It's like cleaning a dirty window: you wipe the big smudges before polishing the details.

Right way: Escape & first, then < and >
Wrong way: Escape < first, then & becomes &amp; but the < might already be processed

What About Other Characters?

You might see tools escaping forward slashes (/), equals signs (=), or even spaces. These usually aren't necessary for basic security. I've worked on codebases where developers escaped everything "just to be safe," only to create display issues with international characters or emojis. Stick with the five core characters unless you have a specific reason to escape others.