HTML Entities

Escape HTML special characters as entities (& < > "), or decode entities to plain text.

Monitor this automatically

NetTests can run this check on a schedule, preserve historical results, compare changes over time, and alert you the moment something breaks.

Start monitoring free → See all monitoring products

Frequently Asked Questions

What are HTML entities?

HTML entities are text representations of characters that have special meaning in HTML. For example < represents <, & represents &, and " represents a double quote. They prevent the browser from interpreting the characters as HTML markup.

Why is HTML escaping important for security?

Inserting user-supplied text into HTML without escaping creates Cross-Site Scripting (XSS) vulnerabilities. An attacker can inject <script> tags that run arbitrary JavaScript in other users' browsers. HTML escaping is the primary defence: always escape untrusted data before rendering it in HTML templates.

Which characters get escaped?

The five critical characters: <&lt;, >&gt;, &&amp;, "&quot;, and '&#x27;. Most templating engines (Jinja2, Django, React JSX) do this automatically — manual escaping is only needed when bypassing the auto-escape.