Escape/unescape HTML entities

Escape ↔ unescape HTML entities

Runs locally in your browser with instant copy

Last updated: January 28, 2026
Frank Zhao - Creator


Introduction / overview

This tool converts between two representations of the same text: raw characters (like <) and HTML entities (like &lt;). It helps you safely display text that might contain HTML, and it helps you decode entity-encoded content back to readable form.

Use Escape when you want to show text literally (for example in docs or previews). Use Unescape when you receive entity-encoded text (from logs, CMS exports, or API responses) and want to read or edit it.

Who is this for?

  • Developers previewing untrusted strings in HTML contexts.
  • Content editors fixing CMS text that contains entities like &amp;.
  • Anyone copying code snippets into email/docs without accidentally turning tags into markup.

Related tools that pair well: URL Encoder/Decoder for safe transport of special characters in URLs, and Text to Unicode when you need numeric character references.

How to use / quick start

  1. Pick the direction: Escape (top) or Unescape (bottom).
  2. Paste your text into the left input.
  3. The converted output appears instantly in the right box.
  4. Click the copy icon to copy the result.

What does it escape?

This tool focuses on the most common HTML-sensitive characters: &, <, >, ", and '.

& → &amp;
< → &lt;
> → &gt;
" → &quot;
' → &#39;

Step-by-step examples

Example 1: escape a title tag

Suppose you want to show the literal text of an HTML tag in documentation.

Input = <title>IT Tool</title> ⇒ &lt;title&gt;IT Tool&lt;/title&gt;

The output is safe to display inside HTML because the browser will render the characters instead of interpreting them as tags.

Example 2: unescape a snippet you received

If a CMS or API returns entity-encoded text, unescape it so you can read and edit it.

Input = Tom &amp; Jerry ⇒ Tom & Jerry

After unescaping, the ampersand becomes a normal character again.

Real-world use cases

Safe preview of user input

You want to show a preview of a user-supplied string without it turning into real HTML.

Input: <b>Hi</b>
Output: &lt;b&gt;Hi&lt;/b&gt;

Escape the input before rendering it in an HTML context.

Debugging encoded logs

Some logs or error messages include entities, especially when they pass through an HTML layer.

Input: Unexpected &quot;&gt;&quot;
Output: Unexpected ">"

Unescape to see the exact characters that caused the bug.

Copying snippets into docs

You are writing documentation where you need tags to appear as plain text.

Input: <li>Item</li>
Output: &lt;li&gt;Item&lt;/li&gt;

Escape, then paste into your doc/knowledge base.

If you need to generate HTML from text, try Markdown to HTML after you finish preparing your content.

Cleaning CMS exports

Your CMS export contains entities and you need the raw text back for editing.

Input: R&amp;D &lt;2026&gt;
Output: R&D <2026>

Unescape first, then if you will put it back into HTML, escape again at render time.

Common scenarios / when to use

Rendering untrusted text

Escape before rendering if the text might contain tags or HTML-looking characters.

Preparing docs snippets

Escape tags so they show up as text in a wiki, ticket, or markdown preview.

Investigating weird output

Unescape to see the actual characters that were hidden behind entities.

Comparing two versions

Escape both strings to compare safely in tools that render HTML.

Cleaning up exports

Unescape text copied from CMS exports, then re-escape at the final render step.

Quick sanity-check

Spot whether a string contains real tags or literal angle brackets.

When it might not be the right tool: when you need to decode a wide set of named entities (beyond the common ones) or handle full HTML parsing. This tool targets a practical subset for everyday work.

Tips & best practices

Escape at the boundary

A reliable habit is to escape right before you render untrusted text into HTML. That keeps your stored data clean and your rendering safe.

Avoid double-decoding

If you unescape &amp;lt; you should get &lt;, not <. That prevents surprising behavior when content is encoded multiple times.

Know what this tool covers

This tool covers a practical subset of entities. If your input contains many named entities, consider using a more specialized HTML entity library.

If you are preparing links, combine this with URL Encoder/Decoder to avoid breaking query strings.

Calculation method / formula explanation

Think of escaping as a deterministic replacement function. For a string s, the escaped output is:

escape(s) = s with { &, <, >, ", ' } replaced by their entities

Unescaping does the reverse replacement, but only for the specific entities this tool supports.

unescape(&amp;lt;) = &lt; ≠ <

Variables and mapping

  • s: the input string.
  • escape(s): replaces characters with entities.
  • unescape(s): reverses supported entities back to characters.
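
The replacement functions described above, written out as an added example (this is not the tool's own source code). It assumes the tool recognises exactly the five entities in the mapping; `unescapeChained` is a hypothetical counter-example showing how chained replaces double-decode.

```javascript
// Added example: the five-character mapping listed on this page.
const ENTITY_FOR = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
// Inverse table, derived from the same mapping so the two cannot drift apart.
const CHAR_FOR = Object.fromEntries(Object.entries(ENTITY_FOR).map(([c, e]) => [e, c]));

// One pass over the input: every character is replaced at most once,
// so the '&' that '&lt;' introduces is never escaped a second time.
function escapeHtml(s) {
  return String(s).replace(/[&<>"']/g, (c) => ENTITY_FOR[c]);
}

// One pass again: the regex consumes whole entities left to right and never
// rescans its own output, so '&amp;lt;' becomes '&lt;' and stops there.
function unescapeHtml(s) {
  return String(s).replace(/&(?:amp|lt|gt|quot|#39);/g, (e) => CHAR_FOR[e]);
}

// Counter-example (hypothetical): chained replaces that decode '&amp;' first.
// The next replace then sees the freshly produced '&lt;' and decodes it too.
function unescapeChained(s) {
  return String(s)
    .replace(/&amp;/g, '&').replace(/&lt;/g, '<').replace(/&gt;/g, '>')
    .replace(/&quot;/g, '"').replace(/&#39;/g, "'");
}

// Constructed sample inputs taken from the examples on this page.
console.log(escapeHtml('<title>IT Tool</title>'));
console.log(unescapeHtml('Tom &amp; Jerry'));
console.log(unescapeHtml('&amp;lt;'));    // one level decoded
console.log(unescapeChained('&amp;lt;')); // two levels decoded
```

Because both functions are single-pass, `unescapeHtml(escapeHtml(s))` returns `s` unchanged for any input string.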

Related concepts / background info

What is an HTML entity?

An HTML entity is a text sequence that represents a character. For example, &lt; is a way to represent < inside HTML.

Escaping vs sanitizing

Escaping is about representation (show the text literally). Sanitizing is about removing or rewriting unsafe HTML. This tool escapes characters; it does not parse and sanitize HTML.

If you work with query strings, you may also want URL Encoder/Decoder because URL encoding and HTML entity escaping solve different problems.
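
How the two encodings layer when a link is built from untrusted text, as an added example (not code from this tool). The base URL, parameter names and helper names are constructed, and the base URL is assumed to be a fixed value chosen by the application.

```javascript
// Added example: same five-character mapping as the tool describes.
const ENTITY_FOR = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
const escapeHtml = (s) => String(s).replace(/[&<>"']/g, (c) => ENTITY_FOR[c]);

// URL layer: percent-encode every key and value so '&', '=', '#' or spaces
// inside a value cannot end the value or start a new parameter.
function buildUrl(baseUrl, params) {
  const query = Object.entries(params)
    .map(([k, v]) => `${encodeURIComponent(k)}=${encodeURIComponent(v)}`)
    .join('&');
  return query ? `${baseUrl}?${query}` : baseUrl;
}

// HTML layer: entity-escape the finished URL for the quoted href attribute
// and the label for the element body. encodeURIComponent leaves "'" as-is,
// so the HTML step is still required after URL encoding.
function renderLink(baseUrl, params, label) {
  return `<a href="${escapeHtml(buildUrl(baseUrl, params))}">${escapeHtml(label)}</a>`;
}

// Counter-example: the value is pasted in raw, so its '&' splits the query.
function buildUrlUnencoded(baseUrl, key, value) {
  return `${baseUrl}?${key}=${value}`;
}

// What a URL parser reads back for one parameter.
function readParam(url, key) {
  return new URL(url).searchParams.get(key);
}

const BASE = 'https://example.test/search'; // constructed, assumed trusted
const term = 'R&D <2026>';                  // constructed untrusted value
console.log(renderLink(BASE, { q: term, tag: "a'b" }, term));
console.log(readParam(buildUrl(BASE, { q: term }), 'q'));         // full value survives
console.log(readParam(buildUrlUnencoded(BASE, 'q', term), 'q'));  // value cut at '&'
```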

Frequently asked questions (FAQs)

Does escaping make my app fully safe from XSS?

Escaping is a strong baseline for safely rendering text in HTML, but XSS prevention depends on context (HTML, attributes, URLs, scripts). Use context-aware escaping and your framework’s recommended patterns.

Why is "&lt;" not turning into "<"?

Because it is double-encoded. One unescape step should produce &lt;, not <. This avoids decoding more than you intended.

Does this tool support every named HTML entity?

No. It focuses on the most common characters that frequently break markup.

What about numeric character references?

For numeric entities like &#65;, use Text to Unicode.

Should I escape before saving to the database?

Usually you store raw text and escape at render time. That keeps your data clean and avoids double-encoding.

What should I do if my input is a full HTML document?

If you need HTML parsing or sanitization, use a dedicated HTML parser/sanitizer. This tool is for string-level escaping/unescaping.

Limitations / disclaimers

This tool is designed for everyday developer workflows. It does not parse HTML, sanitize markup, or guarantee security in every execution context.

Not a substitute for security review

For security-sensitive use (XSS defense, sanitizing user-generated HTML), follow your framework and security team guidelines.
