tag and ensuring quotes do not break out of the JSON context. HTML entity escaping alone is not sufficient — use JSON.stringify and ensure the string is placed correctly."}}]}

HTML एस्केप

HTML विशेष वर्णों को एस्केप या अन-एस्केप करें।

डेवलपर टूल्स

HTML एस्केप का उपयोग कैसे करें

  1. 1अपना टेक्स्ट या HTML पेस्ट करें
  2. 2HTML एंटिटी एन्कोड करने के लिए एस्केप क्लिक करें, या डीकोड के लिए अनएस्केप
  3. 3परिणाम कॉपी या डाउनलोड करें

HTML एस्केप के बारे में

HTML एस्केप/अनएस्केप HTML में विशेष अर्थ रखने वाले वर्णों को HTML एंटिटी में बदलता है।

HTML एस्केप की मुख्य विशेषताएं

  • Escape the five core HTML special characters: &, <, >, ", '
  • Unescape HTML entities back to their original characters
  • Prevents XSS vulnerabilities when inserting text into HTML
  • Handles named entities (&amp;, &lt;, &gt;, &quot;, &#39;)
  • One-click copy for escaped and unescaped output
  • Works entirely in-browser — no data is sent to any server
  • Instant conversion with real-time output
  • Useful for rendering code examples and user-generated content safely

समर्थित फॉर्मेट

इनपुट फॉर्मेट

विशेष वर्णों वाला सादा टेक्स्टएंटिटी संदर्भों के साथ HTMLकोड स्निपेटउपयोगकर्ता-जनित सामग्री

आउटपुट फॉर्मेट

HTML-एस्केप्ड टेक्स्टडीकोडेड सादा टेक्स्ट

HTML5 विनिर्देश के अनुसार पांच मूल HTML विशेष वर्णों को एस्केप करता है।

उदाहरण

Escape a code snippet for display in HTML

Make source code render as text rather than being parsed as HTML tags.

इनपुट

<div class="box">Hello & World</div>

आउटपुट

&lt;div class=&quot;box&quot;&gt;Hello &amp; World&lt;/div&gt;

Unescape HTML entities from a database record

Convert stored HTML entities back to readable characters for editing.

इनपुट

It&apos;s a &quot;great&quot; day &amp; we&apos;re happy

आउटपुट

It's a "great" day & we're happy

सामान्य उपयोग के मामले

  • Safely inserting user-generated content into HTML templates to prevent XSS
  • Displaying code examples in blog posts without them being parsed as HTML
  • Preparing text for insertion into HTML email templates
  • Decoding HTML entities stored in databases for editing
  • Converting API response text containing entities to readable strings
  • Escaping strings before inserting them into innerHTML calls

समस्या निवारण

Entities appear double-encoded like &amp;amp;

समाधान

The text was already escaped before you escaped it again. Unescape first to get the original characters.

Not all special characters are being escaped

समाधान

This tool escapes the five core HTML characters. Extended entities like &copy; or &nbsp; are not in scope.

Unescaping does not convert all entities

समाधान

This tool handles the five core entities. Rare named entities like &rarr; may not be decoded — use a full HTML parser for comprehensive decoding.

अक्सर पूछे जाने वाले प्रश्न

Why escape HTML?

Unescaped characters like < and > are interpreted as HTML tags. Without escaping, user-submitted text containing <script> tags can execute arbitrary JavaScript — a cross-site scripting (XSS) attack.

Which characters are escaped?

The five core HTML special characters: & → &amp;, < → &lt;, > → &gt;, " → &quot;, ' → &#39;.

What is the difference between HTML escaping and URL encoding?

HTML escaping converts characters to HTML entities for safe rendering inside HTML. URL encoding converts characters to %XX hex format for safe use in URLs.

Should I escape or sanitize user content?

For displaying user content as plain text in HTML, escaping is sufficient. If you need to allow some HTML tags, use a trusted HTML sanitizer library.

Is HTML escaping enough to prevent XSS?

Escaping is the primary defense when inserting text into HTML content. However, the correct escaping strategy depends on context — JS strings, HTML attributes, and URLs each require different rules.

What does &amp;amp; mean?

&amp;amp; is a double-encoded ampersand — it renders as &amp; in the browser. This usually occurs when content is escaped twice.

Is my data sent to a server?

No. All escaping and unescaping is performed in your browser using JavaScript string replacement.

Can I use this to prepare content for JSON inside HTML?

For JSON in HTML (e.g., inside a <script> tag), use JSON.stringify and ensure the string is placed correctly. HTML entity escaping alone is not sufficient.