HTML escape / unescape

POST /api/html-escape

Escape `<`, `>`, `&`, `"`, `'` to their HTML entities so user content can be safely embedded in HTML. Reverse direction also supported.

Replaces the five HTML-special characters (`<`, `>`, `&`, `"`, `'`) with their named or numeric entities so a piece of user text can be safely embedded inside HTML element content or attribute values. Set `direction: "unescape"` to reverse the operation — recovers the original text from an entity-encoded string. Both named and numeric (`&#xxx;`, `&#xXXXX;`) entities are understood. For untrusted input you typically want `html-sanitize` instead — this tool only escapes characters and does not strip dangerous markup.

Inputs

Name	Type	Default	Description
text*	string	—	The text to escape (or unescape).
mode	enum (escape \| unescape)	"escape"	`escape` (default) — convert specials to entities; `unescape` — reverse.

Response

Modes: json. Cache: yes (24h TTL).

Code samples

Built from the escape-basic example.


curl -X POST https://api.xtract.bot/api/html-escape \
  -H "Content-Type: application/json" \
  -H "Accept: application/json" \
  -H "X-Account-Id: $XTRACT_ACCOUNT_ID" \
  -H "X-Api-Key: $XTRACT_API_KEY" \
  -d '{
  "text": "<a href=\"x\">Tom & \"Jerry\"</a>",
  "mode": "escape"
}'