Escape HTML

Example input/output

Input: <script>alert("XSS")</script>

Output: &lt;script&gt;alert(&quot;XSS&quot;)&lt;/script&gt;

How it works

This tool replaces &, <, >, ", and ' with their HTML entity equivalents using JavaScript string replacement. The result is safe to embed in HTML attributes or text nodes without causing unintended markup. Processing runs in your browser.

Common use cases

• Escape HTML characters before injecting user content into a web page
• Prepare text for safe display in HTML to prevent XSS
• Convert ampersands and angle brackets for use in XML documents

Related tools

HTML Decode • HTML Encode • Escape JS • URL Encode