About HTML entity tools
Web pages treat certain characters as markup delimiters. When you embed user-generated text inside HTML attributes or template literals, you must escape those characters so browsers do not interpret them as tags. Conversely, when you import legacy HTML snippets into React or Vue, you often need to decode entities back to Unicode for editing.
This page offers bidirectional helpers: Escape applies the canonical replacements for ampersands, angle brackets, and both quote styles. Unescape leverages the browser’s HTML parser through a detached textarea so numeric entities like ' and named entities like resolve correctly.
Common scenarios
- Preparing copy for CMS fields that accept raw HTML but not arbitrary script tags.
- Decoding email fragments before analysis.
- Sanity-checking double-encoding bugs (
&) in localization files.
How to use this page
- Paste the string you need to transform.
- Choose Escape before inserting into HTML or XML contexts.
- Choose Unescape when you start with encoded entities.
- Use Swap to bounce output back into the editor for chained fixes.
Security reminder
Decoding entities does not sanitize JavaScript. Never write decoded user content into innerHTML without a dedicated sanitizer.
Frequently asked questions
- Does escape cover every Unicode character?
- It covers the dangerous structural characters. Other symbols pass through unchanged.
- Why does unescape differ from Python’s html.unescape?
- Browser parsers follow HTML living-standard rules, which may differ slightly from other runtimes.
- Is data uploaded?
- No. Both directions run locally.
- Can I escape for XML attributes?
- Yes for basic cases, but XML may require additional entity definitions depending on your schema.