← Hashito System Home 日本語 Other tools
Input
How to use: Enter text and choose a mode at the top to see the result update on the right in real time. Escape converts & < > " ' into character entity references. Unescape converts entity references (such as &amp;) and numeric character references (&#39; / &#x27;) back into the original characters.
ResultCopied
Related tools: Base64 JSON Formatter Character Count UUID Generator
📖 We also offer free learning posters that illustrate how IP addresses and the web work. Take a look at the learning poster collection as well.

Frequently Asked Questions (FAQ)

What is HTML escaping?

HTML escaping means replacing characters that have a special meaning in HTML (& < > " ') with their corresponding character entity references (&amp; &lt; &gt; &quot; &#39;). This lets the browser display the characters literally instead of treating them as part of a tag or attribute. Unescaping is the reverse: it converts entity references back into the original characters.

Why is HTML escaping necessary?

If you embed external strings such as user input directly into HTML, characters like < and > can be interpreted as tags, breaking the layout or even allowing malicious scripts to run — a cross-site scripting (XSS) vulnerability. Escaping before output prevents broken layouts and lets you display the entered content safely.

Is the text I enter sent to a server?

No. The escape and unescape conversion happens entirely in JavaScript inside your browser. The text you enter is never sent to or stored on a server.

📖 Free learning posters for students →