Unescape HTML
Unescape HTML — decode HTML entities online
PicoToolkit converts HTML entities back to their characters so code snippets and pasted content become readable. This tool decodes common named entities (like &lt;, &gt;, &amp;). Numeric entities that start with &# (decimal or hex, for example &#960; or &#x3C0;) are not supported and will remain unchanged.
How to use
- Paste the text that contains HTML entities into the editor.
- Open the menu: Encode → Unescape HTML (or press the Unescape button).
- Copy the unescaped output for editing, export, or follow-up tools.
What the tool decodes
- Named entities — common names such as &lt;, &gt;, &amp;, &quot; are converted to their characters.
- Numeric entities — decimal (&#123;) and hex (&#x7B;) entities are not supported by this tool and will be left unchanged in the output.
- Malformed entities — entities that are not properly formed (for example missing the trailing semicolon) are not decoded and are left unchanged.
Examples (copyable)
Named entities (decoded)
Input:
&lt;div&gt;Hello &amp; welcome &lt;guest&gt;&lt;/div&gt;
Output:
<div>Hello & welcome <guest></div>
Numeric entities (NOT decoded)
Input:
Pi: &#960; Euro: &#8364; Smile: &#128522;
Output (unchanged):
Pi: &#960; Euro: &#8364; Smile: &#128522;
Note: numeric entities beginning with &# remain as text. Use a local script or a tool that supports numeric entity decoding if you need these converted.
Malformed entities (not decoded)
Input:
This is broken: &ltdiv (missing semicolon)
Also broken: &#123 (no semicolon)
Output:
This is broken: &ltdiv
Also broken: &#123
Note: malformed sequences remain as-is; ensure entities end with a semicolon for proper decoding.
Security alert
Warning: unescaping entities can restore HTML tags and potentially reintroduce scripts or unsafe content. Do not unescape untrusted user input without sanitizing afterwards. If you need to remove tags after unescaping, run HTML stripper or keep content escaped when inserting into web pages.
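The ordering this warning implies, as an added JavaScript example (not PicoToolkit's own code): a decoder that mirrors the behaviour documented above, a tag check run before and after decoding, and re-escaping of the decoded text before it goes into a page. All function names and sample strings are constructed for illustration.

```javascript
// Added example; function names and sample strings are constructed.
const NAMED = { lt: '<', gt: '>', amp: '&', quot: '"' };
const ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Single-pass decoder mirroring the documented behaviour: only named
// entities ending in ';' are decoded; numeric (&#...) and malformed
// sequences do not match and are returned unchanged.
function unescapeNamed(text) {
  return text.replace(/&([a-z]+);/g, (match, name) =>
    Object.prototype.hasOwnProperty.call(NAMED, name) ? NAMED[name] : match);
}

// Escape for HTML text or quoted-attribute context before insertion.
function escapeHtml(text) {
  return text.replace(/[&<>"']/g, (ch) => ESCAPES[ch]);
}

// Crude indicator that a string contains tag-like markup.
function hasTagLikeMarkup(text) {
  return /<\/?[a-zA-Z][^>]*>/.test(text);
}

// A check made on the escaped input sees no tags; the same check on the
// decoded output does. Sanitizing therefore has to happen after decoding.
function reviewUnescape(input) {
  const decoded = unescapeNamed(input);
  return {
    decoded,
    markupBefore: hasTagLikeMarkup(input),
    markupAfter: hasTagLikeMarkup(decoded),
    forPage: escapeHtml(decoded), // safe to place in HTML text context
  };
}

// Constructed sample: escaped text that looks harmless until decoded.
const SAMPLE = '&lt;script&gt;example()&lt;/script&gt; and &amp;lt;b&amp;gt;';
const result = reviewUnescape(SAMPLE);
console.log(result);
// Double-escaped input loses one level of escaping per pass.
console.log(unescapeNamed(unescapeNamed('&amp;lt;b&amp;gt;')));
```

The last line shows that input escaped twice only becomes markup on a second pass, so text that has been through the decoder more than once needs the check repeated on the final result.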
Related workflows
- Unescape → HTML stripper — decode named entities, then remove tags for safe plain text.
- Unescape → URL Extractor — decode entities first so link hrefs/text are easier to extract.
- Unescape → HTML to CSV Converter — decode cell entities before converting tables to CSV (only for named entities).
- To reverse: use Escape HTML to turn characters back into entities.
Tips & edge cases
- The tool decodes common named entities but does not decode numeric entities (decimal or hex).
- Decoding is idempotent for well-formed named entities — running the tool twice will not change already-decoded characters.
- Character encoding: output is UTF‑8 in the browser; named entities are converted to their characters when supported by the browser/font.
- If you need to extract href URLs from anchors after unescaping, follow with URL Extractor.
FAQ
Which numeric entities are supported?
Numeric entities (decimal &#... and hex &#x...) are not supported and will remain unchanged. The tool only decodes named entities.
What happens with malformed entities?
Malformed entities (for example missing the trailing semicolon) are not decoded and remain unchanged in the output. Fix or normalize the input so each entity ends with a semicolon.
Can unescaping introduce security risks?
Yes. Unescaping can restore HTML and script tags. Only unescape trusted content or run HTML stripper or other sanitization steps afterward to remove potentially unsafe tags.
Does this convert everything to UTF‑8?
Output is UTF‑8 in the browser. Named entities are converted to their corresponding characters when the browser and font support them.