Which characters must be escaped in HTML?

At minimum &, in text content, plus " (and sometimes the apostrophe) inside attribute values. Escaping these prevents the browser from misinterpreting your content as markup.

Answer

How to escape HTML special characters

Encode and decode HTML entities so text displays literally instead of being parsed as markup.

Escaping converts characters that have meaning in HTML — <, >, &, and " — into entities (<, >, &, ") so a browser renders them as text instead of interpreting them as tags. This prevents broken markup and is a basic XSS safeguard.

Input

<a href="x">Tom & Jerry</a>

Output

&lt;a href=&quot;x&quot;&gt;Tom &amp; Jerry&lt;/a&gt;

Decode reverses it. Always escape "&" first so existing entities are not double-encoded.

Open the HTML Entity → Free · runs in your browser · nothing uploaded

Steps

Open the HTML Entities tool and choose Encode (escape) or Decode (unescape).
Paste your text or HTML into the input.
Copy the escaped output to safely embed it in HTML.
Use Decode to turn entities like & back into the literal characters.

Frequently asked questions

Which characters must be escaped in HTML?: At minimum &, <, and > in text content, plus " (and sometimes the apostrophe) inside attribute values. Escaping these prevents the browser from misinterpreting your content as markup.

← All answers