TbTextbuntext tools
Runs locally

HTML Escape / Unescape

Convert text to safe HTML entities or decode entities back to text.

Input is processed in your browser and is not uploaded.

Mode

Output

Results appear here.

HTML escaping is useful when showing code examples, storing snippets, or safely displaying text inside markup. This tool also decodes common HTML entities for inspection. Lightweight, mobile-friendly, and built for quick repeat use.

Convert text at the boundary between data and HTML

HTML escaping prevents text from being interpreted as markup when it is displayed in a page. Unescaping helps inspect stored snippets, copied entities, and documentation examples. This tool is for text conversion and review, not a full HTML sanitizer.

Code examples

Escape snippets that contain <, >, &, and quotes before placing them inside documentation or example markup.

Stored text review

Decode entity-heavy text from CMS exports, templates, or copied source to see what users will read.

Template debugging

Check whether broken display text is caused by missing escaping, double escaping, or decoded markup.

Escape at the right moment

  1. 1Escape untrusted text when it is rendered into HTML, not as a replacement for validation.
  2. 2Unescape copied entities only when you need to inspect or transform the stored value.
  3. 3Watch for double escaping such as &amp;lt; when text has passed through multiple systems.
  4. 4Use a sanitizer, not this converter, when you intend to allow a subset of HTML tags.

Escaping example

<button data-id="7">Save & close</button>
&lt;button data-id=&quot;7&quot;&gt;Save &amp; close&lt;/button&gt;

The escaped output can be displayed as text without becoming an actual button.

Security boundaries

  • Escaping text is different from sanitizing rich HTML.
  • The correct escaping rules depend on context: HTML body, attribute, JavaScript, URL, and CSS differ.
  • Decoded HTML from unknown sources should not be injected directly into a page.

FAQ

What does HTML escaping do?+

It converts characters such as <, >, &, and quotes into HTML entities.

Can it decode HTML entities?+

Yes. Switch to unescape mode to convert entities back into readable text.

Does escaping sanitize complete HTML?+

No. It is a text conversion tool, not a full HTML sanitizer.

Related tools

Encoding

URL Encode

Encode text so it can be safely used inside URLs.

Encoding

URL Decode

Decode percent-encoded URL text into readable characters.

Text

Markdown Preview

Write Markdown and preview the rendered result side by side.