Turn special characters into safe HTML entities, or decode entities back to plain text.
Uses DOM escaping and textarea decoding—handy for safe HTML or debugging escapes.