HTML Escape / Unescape

Escape or unescape HTML entities including named, decimal, and hex numeric entities.

HTML Entity Reference

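| Character | HTML Entity | Named Entity |
|---|---|---|
| & | `&amp;` | ampersand |
| < | `&lt;` | less-than |
| > | `&gt;` | greater-than |
| " | `&quot;` | double quote |
| ' | `&#x27;` | single quote |
|   | `&nbsp;` | non-breaking space |
| © | `&#169;` | copyright |
| ® | `&#174;` | registered |
| ™ | `&#8482;` | trademark |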

When to Escape HTML

| Context | Required | Reason |
|---|---|---|
| User-generated content in HTML | Yes | Prevents XSS attacks |
| Code samples in `<pre>` blocks | Yes | Angle brackets would close tags |
| Attribute values | Yes | Quotes can break attributes |
| JSON in HTML `<script>` | Partial | Escape `</script>` closing tag |
| Template literals in JS | No | Use JS string escaping instead |

Frequently Asked Questions

HTML escaping converts special characters to HTML entities so browsers display them as text rather than interpreting them as markup.

Yes — escaping user input before inserting it into HTML prevents reflected and stored XSS. Always escape on output, not on input storage.

&apos; is valid in XML but NOT in HTML4. Use &#x27; for maximum compatibility across HTML4, HTML5, and XML.

Emoji and most Unicode characters do not need escaping in UTF-8 HTML5. Only the 5 special characters (&, <, >, ", ') must be escaped.
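
The rules from the "When to Escape HTML" table and the five-character rule above, shown as an added JavaScript example (not code from this page or its tool). The function names `escapeHtml`, `jsonForScript` and `renderComment` are hypothetical, and the sample strings are constructed.

```javascript
// Added example; all names here are hypothetical, not part of any library.

// The five characters that must be escaped, mapped to their entities.
// &#x27; is used for the single quote because &apos; is not valid in HTML4.
const ENTITY_MAP = {
  "&": "&amp;",
  "<": "&lt;",
  ">": "&gt;",
  '"': "&quot;",
  "'": "&#x27;",
};

// Escape for HTML text nodes and quoted attribute values.
// Call this once, at output time: escaping stored data a second time
// turns "&amp;" into "&amp;amp;" and corrupts what the user sees.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => ENTITY_MAP[ch]);
}

// Serialize data for an inline <script> block ("Partial" row in the table).
// Entities are not decoded inside <script>, so HTML escaping does not apply.
// Writing <, > and & as JS unicode escapes keeps "</script>" out of the
// output while the parsed value stays identical.
function jsonForScript(data) {
  return JSON.stringify(data)
    .replace(/</g, "\\u003c")
    .replace(/>/g, "\\u003e")
    .replace(/&/g, "\\u0026");
}

// Build markup with user data in both an attribute value and a text node.
function renderComment(author, text) {
  return `<p title="${escapeHtml(author)}">${escapeHtml(text)}</p>`;
}

// Constructed sample input.
console.log(renderComment(`O'Brien "Bob"`, `1 < 2 & 3 > 2`));
console.log(`<script>const data = ${jsonForScript({ note: "</script>" })};</script>`);
```
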
