HTML Escape and Unescape Tool

Escape text for HTML text nodes and attributes, or decode HTML entities back to readable text.

What it does

HTML escaping replaces characters that have special meaning in markup with entities. This keeps text such as angle brackets, ampersands, and quotes from being interpreted as tags or attributes.

Unescaping reverses that process for common named entities and numeric entities, which is useful when logs, API responses, or copied page content contain encoded HTML.

Common uses

  • Escape user-visible text before placing it inside HTML snippets, docs, examples, or generated templates.
  • Decode HTML entities from logs, CMS exports, scraped text, and API payloads when you need readable text.
  • Use it to inspect entity-heavy content without sending the text to a remote service.

Watch outs

  • Escaping is not sanitizing. It does not remove dangerous tags from existing HTML.
  • HTML has many named entities. This tool decodes the common named entities plus decimal and hexadecimal numeric entities.
  • Context still matters. URLs, JavaScript, CSS, and HTML each have different escaping rules.

Privacy

HTML escaping and unescaping runs in your browser. The input text is not sent to Crypto Lambda.

FAQ

Is HTML escaping the same as sanitizing HTML?

No. Escaping turns text into safe markup text. Sanitizing removes or rewrites risky HTML elements and attributes from markup that should remain HTML.

Does this decode numeric entities?

Yes. Decimal entities such as `'` and hexadecimal entities such as `'` are decoded locally.

Why does an apostrophe become `'`?

`'` is widely supported in HTML and keeps apostrophes safe in quoted attribute values.

Related tools