100% browser-based · Named entities · Attribute-safe

HTML Escape

Escape the five special HTML characters — &, <, >, ", ' — as named entities. Safe to drop into HTML body text or attribute values. For more control (numeric / non-ASCII) use the HTML Entity Encode tool.

Plain text

Escaped HTML

Escape options

Use ' for apostropheOff: use ' (broader browser support) Auto-escapeRe-run on every input change

Reverse (Unescape)

Input size

0 B

Output size

0 B

Ratio

—

Status

Ready

Example

Text in, escaped HTML out

The five special characters become named (or numeric) entities. Everything else — including Unicode — passes through unchanged.

Plain text

<a href="x">Hello & 'world'</a>

Escaped HTML

&lt;a href=&quot;x&quot;&gt;Hello &amp; &#39;world&#39;&lt;/a&gt;

Use cases

What you'll use this for

The minimal-5 escape set is the safe everyday quick fix for rendering arbitrary text inside HTML.

User-generated content

Escape user text before rendering in HTML.

Templates

Escape variable values before interpolating into HTML.

Email templates

Safe interpolation in HTML email bodies.

Code comments

Render <tag> snippets as readable text in HTML pages.

Step by step

How to HTML-escape text

Paste your text

Drop raw text into the left editor. Anything goes — Unicode, line breaks, code snippets.

Pick apostrophe style

Default uses ' (universal). Toggle on for ' if you target XHTML/XML.

Click Escape

Or leave auto-escape on for live updates. Everything runs locally — no upload.

Copy or download

Copy to clipboard or save as .html. Or jump to HTML Unescape for the reverse.

FAQ

Frequently asked questions

Which characters does it escape?

The five HTML-special characters: &, <, >, ", '. Everything else passes through unchanged.

Why ' instead of '?

' isn't valid in HTML 4 (only in XHTML). ' works everywhere. Toggle if you want the named version.

Is it free?

Yes.

What about Unicode chars?

Pass through as-is — they're safe in HTML 5 with UTF-8. For numeric encoding of non-ASCII, use HTML Entity Encode.

Reverse?

HTML Unescape.

About

About HTML escaping

HTML escaping replaces the handful of characters that have syntactic meaning inside HTML markup with named or numeric character references — so the browser renders them as text instead of parsing them as tags, attribute boundaries, or entity prefixes. The minimal "safe-five" set covers everything you need for general-purpose escaping of text destined for body content or attribute values.

The five characters

& → & — must be first to avoid double-escaping.
< → < and > → > — tag boundaries.
" → " — for double-quoted attribute values.
' → ' (or ') — for single-quoted attribute values.

When to use this vs HTML Entity Encode

HTML Escape (this tool) — the safe everyday quick fix. Only touches the five reserved characters. Output stays human-readable.
HTML Entity Encode — more powerful. Can also numerically encode every non-ASCII character, useful for legacy systems or aggressive defense-in-depth.