Encode or decode HTML entities online. Escape &, <, >, " and ' to display HTML as text, or decode entities back.
Escape characters that have special meaning in HTML (&, <, >, ", ') into entities so user content displays as text instead of markup — or decode entities back to characters. A quick guard against accidental markup and a building block against XSS.
To show characters like < and > literally and to stop user-supplied text being interpreted as HTML/JS. Escaping output is a core defense against cross-site scripting (XSS).
The five that matter for HTML: & → &, < → <, > → >, " → " and ' → '.