Escape and unescape HTML entities — prevent XSS
Processed entirely in your browser — no data is sent to any server