What Is HTML Unescaping?

HTML unescaping converts HTML entity sequences back into their original characters. If you've ever pulled content from a REST API or scraped data from a CMS and ended up with &amp;amp;, &amp;lt;, and &amp;quot; everywhere, you know the pain. These entities are necessary for safe HTML rendering (as outlined in the HTML Living Standard), but they make raw text unreadable. This tool converts them back so you can work with the actual content.

This tool starts in Unescape mode. Switch to Escape mode to convert special characters into HTML entities. Everything runs in your browser.

How to Use This Tool

1. Mode is Set to Unescape

This tool starts in Unescape mode. Switch to Escape if you need to convert characters to entities instead.

2. Paste or Upload Text

Paste your text or HTML into the left editor, or use Upload to load a file. Click Sample to try an example.

3. Copy or Download Result

The right panel updates automatically. Use Copy or Download to save the result. To format HTML, try the HTML Formatter tool.

HTML Escape Examples

Escaping converts special characters to HTML entities so they render as text.

When HTML Escaping Matters

When you display user-provided content in HTML, you must escape it first to prevent Cross-Site Scripting (XSS) attacks. An attacker could inject <script> tags or event handlers that execute arbitrary JavaScript. Escaping renders those characters harmless as text.

Escaping is the reverse of unescaping: it converts plain characters to HTML entities to prevent XSS. See the HTML Escape tool.
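The sketch below is an added example, not this tool's own code: a single-pass decoder and a matching escaper in JavaScript, showing why decoded text has to be escaped again before it is placed in HTML. The five-entry named-entity table, the function names and the sample string are assumptions made for illustration.

```javascript
// Added example: small named-entity subset; the full table is in the HTML Living Standard.
const NAMED = new Map([['amp', '&'], ['lt', '<'], ['gt', '>'], ['quot', '"'], ['apos', "'"]]);
const ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Numeric references: NUL, surrogates and values above U+10FFFF decode to U+FFFD.
// (This sketch does not apply the standard's Windows-1252 remapping for 0x80-0x9F.)
function decodeCodePoint(cp) {
  const invalid = !Number.isInteger(cp) || cp === 0 || cp > 0x10FFFF ||
    (cp >= 0xD800 && cp <= 0xDFFF);
  return invalid ? '\uFFFD' : String.fromCodePoint(cp);
}

// Single pass: every reference is decoded exactly once, so "&amp;lt;" becomes
// "&lt;" (text), never "<". Unknown names are left untouched.
function unescapeHtml(text) {
  const ref = /&(?:#[xX]([0-9a-fA-F]+)|#([0-9]+)|([a-zA-Z][a-zA-Z0-9]*));/g;
  return text.replace(ref, (match, hex, dec, name) => {
    if (hex !== undefined) return decodeCodePoint(parseInt(hex, 16));
    if (dec !== undefined) return decodeCodePoint(parseInt(dec, 10));
    return NAMED.has(name) ? NAMED.get(name) : match;
  });
}

// Escape the five characters that matter in element content and quoted attributes.
function escapeHtml(text) {
  return text.replace(/[&<>"']/g, (ch) => ESCAPES[ch]);
}

// Decode for processing, then escape again at the point of HTML output.
function toSafeHtml(encoded) {
  const plain = unescapeHtml(encoded);
  return `<p>${escapeHtml(plain)}</p>`;
}

// Constructed sample: an API field that arrives entity-encoded.
const sample = 'Tom &amp; Jerry &lt;script&gt;x&lt;/script&gt; &#8212; &amp;lt;';
console.log(unescapeHtml(sample)); // plain text, now containing a literal <script> tag
console.log(toSafeHtml(sample));   // the same text, safe to place in a page
```

The decoded string is plain text for searching, length checks or storage; only the output of `toSafeHtml` belongs in markup.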

Frequently Asked Questions

What HTML entities does this tool decode?

It decodes all named entities (&amp;, &lt;, &gt;, &quot;, &#39;) and numeric entities (like &#8212; for em dash). The full list of named entities is defined in the HTML Living Standard.

Is my data sent to a server?

No. Everything runs in your browser using JavaScript. No data leaves your machine. You can verify this in your browser's Network tab.

When should I unescape vs escape HTML?

Unescape when you need to read or display the original text — for example, processing API responses or database exports that contain entities. Escape when inserting user content into HTML to prevent XSS attacks.

Can I use this for bulk text processing?

Yes. Paste any amount of text with HTML entities and the tool will decode all of them at once. For very large texts (100MB+), a command-line tool like PHP's html_entity_decode or Python's html.unescape() may be more practical.

Related Tools

The HTML Living Standard defines character references. MDN on HTML entities. The OWASP XSS guide explains why escaping matters for security.