Htmlspecialchars FAQ

Usage from Address Bar

You can use direct access to this page from your browser address bar. Type string that you need to encode/decode with algorithm according to next schema:<TYPE:enc|dec>/<PHRASE> For example to visit page that contains encoded "<strong>" you can just visit url:<strong> The another cool thing is that you can specify "json" or "plain" mode into URL and you will get only encoded/decoded in response.
Schema of this future:<TYPE:enc|dec>.<OUTPUT:plain|json>/<PHRASE> Example:<strong> Will output: &lt;strong&gt;

Usage from Javascript

We have removed CORS restriction so you can use direct access to htmlspecialchars encode/decode in your javascript applications via AJAX.


var toEncode = '<strong>';
var xhr = new XMLHttpRequest();
xhr.onreadystatechange = function () {
  if (xhr.readyState == 4 && xhr.status == 200) {
    console.log('String "'+toEncode+'"'
                +' encoded with htmlspecialchars is'
                +' "'+JSON.parse(xhr.response)+'"'
};'GET', ''+encodeURIComponent(toEncode), true);
Will output: String "<strong>" encoded with htmlspecialchars is "&lt;strong&gt;"

Usage from PHP

You can use direct access to this function in your applications.

PHP Example:

    $str = '<strong>';
    $url =''.urlencode($str);
    $htmlencoded = file_get_contents($url);
    echo 'String "'.htmlspecialchars($str, ENT_QUOTES|ENT_IGNORE)
         .'" encoded with htmlspecialchars is "'
         .htmlspecialchars($htmlencoded, ENT_QUOTES|ENT_IGNORE).'"'
Will output: String "<strong>" encoded with htmlspecialchars is "&lt;strong&gt;"

How to make the same in PHP

    $str = '<script>';
    $htmlSpecialCharsEncodedStr = htmlspecialchars($str, ENT_QUOTES | ENT_IGNORE);
    $htmlSpecialCharsDecodedStr = htmlspecialchars_decode($htmlSpecialCharsEncodedStr, ENT_QUOTES);
    echo '<pre>';
    echo htmlspecialchars($str, ENT_QUOTES|ENT_IGNORE).PHP_EOL
         .' &rarr; '.htmlspecialchars($htmlSpecialCharsEncodedStr, ENT_QUOTES|ENT_IGNORE).PHP_EOL
         .' &rarr; '.htmlspecialchars($htmlSpecialCharsDecodedStr, ENT_QUOTES|ENT_IGNORE).PHP_EOL
    echo '</pre>';
Please read the privacy policy (agreement of the cookies usage, other websites embedded content, etc.). If you continue to use the site, we will assume that you agree with our privacy policy.
OkPrivacy Policy