unescape()
unescape(
str):string
Unescapes HTML entities to their corresponding characters.
Unescapes &, <, >, ", and '.
Parameters
str: string
The string to unescape.
Returns: string
The unescaped string.
See Also
Since
2.0.0
Performance
O(n) time where n is string length. Single regex pass with object lookup.
Also known as
unescape (Lodash, es-toolkit) · unescapeHtml (Modern Dash) · ❌ (Remeda, Radashi, Ramda, Effect, Antfu)
Example
unescape('<div>'); // => '<div>'
unescape('a & b'); // => 'a & b'
unescape('"hello"'); // => '"hello"'
unescape(''quoted''); // => "'quoted'"
// Roundtrip with escape
const original = '<script>alert("XSS")</script>';
unescape(escape(original)) === original; // => true
How it works?
Converts HTML entities back to their corresponding characters.
Inverse of escape.
Entity Mapping
| Entity | Character |
|---|---|
& | & |
< | < |
> | > |
" | " |
' | ' |
Use Case
Use Cases
Decode API responses for display 📌
Convert HTML entities from API content back to readable characters. Essential when displaying user-generated content stored with HTML encoding.
unescape("Tom & Jerry");
// => "Tom & Jerry"
Process CMS content for rendering 📌
Restore original characters from CMS or WYSIWYG editor output. Critical for headless CMS integrations where content comes pre-escaped.
unescape("<p>Welcome!</p>");
// => "<p>Welcome!</p>"
Roundtrip with escape for data integrity
Verify data integrity by ensuring escape/unescape roundtrips preserve content.
const original = '<script>alert("XSS")</script>';
unescape(escape(original)) === original; // => true