HTML Entities Encoder & Decoder

Convert HTML special characters to their entity equivalents and back. All processing is done in your browser.

Common HTML Entities
Character         Entity Name    Entity Number
<                 &lt;           &#60;
>                 &gt;           &#62;
&                 &amp;          &#38;
"                 &quot;         &#34;
'                 &apos;         &#39;
(non-breaking)    &nbsp;         &#160;
©                 &copy;         &#169;
®                 &reg;          &#174;

Frequently Asked Questions

HTML has reserved characters like <, >, and & that the browser interprets as markup. To display them as literal text you must encode them as entities. This is also a critical security practice to prevent Cross-Site Scripting (XSS) attacks when outputting user-supplied content in HTML.

Named entities use a word reference like &amp; or &copy; — easier to read but only defined for specific characters. Numeric entities use the Unicode code point (&#38; decimal or &#x26; hex) and can represent any Unicode character.

How HTML Entity Encoding Works

HTML entity encoding replaces special characters with safe sequences so the browser renders them as text rather than interpreting them as markup.

Scan for Reserved Characters

The input is scanned character by character. HTML's five reserved characters — &, <, >, ", and ' — must always be encoded to be safe in HTML context.

Replace with Entities

Each reserved character is replaced with its named entity (e.g., < becomes &lt;). Optionally, non-ASCII characters are also replaced with numeric entities (&#xxx;).

Safe for HTML Insertion

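The encoded string can be inserted into HTML text nodes and quoted attribute values without risk of breaking the document structure or triggering XSS. Other contexts, such as script blocks, style blocks, URL-valued attributes (href, src), event-handler attributes, and unquoted attribute values, need their own context-specific encoding or validation; entity encoding alone does not make a value safe there.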
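
The three steps above as runnable JavaScript, added here as an illustration and not the tool's own code; the function names and the encodeNonAscii option are assumptions. The output is meant for text nodes and quoted attribute values, and the decoder covers only the entities listed in the table above plus numeric references.

```javascript
// Added example; encodeHtml, decodeHtml and the option name are illustrative.
// The apostrophe is emitted as &#39; because &apos; is not defined in HTML 4.
const ENCODE = new Map([['&', '&amp;'], ['<', '&lt;'], ['>', '&gt;'], ['"', '&quot;'], ["'", '&#39;']]);
const DECODE = new Map([['amp', '&'], ['lt', '<'], ['gt', '>'], ['quot', '"'], ['apos', "'"],
  ['nbsp', '\u00a0'], ['copy', '\u00a9'], ['reg', '\u00ae']]);

// A numeric reference must name a real character: not 0, not a surrogate, not past U+10FFFF.
const isScalar = (cp) => cp > 0 && cp <= 0x10ffff && !(cp >= 0xd800 && cp <= 0xdfff);

function encodeHtml(input, { encodeNonAscii = false } = {}) {
  let out = '';
  // for...of walks code points, so a surrogate pair becomes one numeric entity.
  for (const ch of String(input)) {
    const cp = ch.codePointAt(0);
    if (ENCODE.has(ch)) out += ENCODE.get(ch);
    else if (encodeNonAscii && cp > 0x7f) out += `&#${isScalar(cp) ? cp : 0xfffd};`;
    else out += ch;
  }
  return out;
}

function decodeHtml(input) {
  // One pass over the input: "&amp;lt;" decodes to "&lt;", never to "<".
  const ref = /&(?:#(\d+)|#[xX]([0-9a-fA-F]+)|([a-zA-Z]+));/g;
  return String(input).replace(ref, (match, dec, hex, name) => {
    if (name !== undefined) return DECODE.has(name) ? DECODE.get(name) : match;
    const cp = dec !== undefined ? parseInt(dec, 10) : parseInt(hex, 16);
    return isScalar(cp) ? String.fromCodePoint(cp) : '\ufffd';
  });
}

// Constructed sample input, rendered into a text node and a quoted attribute.
const sample = `"><script>alert(1)</script> caf\u00e9`;
const page = `<p title="${encodeHtml(sample)}">${encodeHtml(sample)}</p>`;
console.log(page);
console.log(encodeHtml(sample, { encodeNonAscii: true }));
console.log(decodeHtml('&amp;lt;b&amp;gt;'));
```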

Common Use Cases

XSS Prevention

The most critical use of HTML entity encoding is neutralizing user-supplied input before rendering it in HTML. Encoding < and > prevents injected script tags from executing.

Code Samples in Documentation

When writing technical blog posts, READMEs, or wikis in HTML, code samples containing <tags> must be entity-encoded so they display as literal text rather than parsed HTML.

HTML Email Templates

Email clients are strict parsers. Dynamic content in email templates — names, addresses, product titles — must be entity-encoded to prevent accidental HTML breakage or injection.

CMS and Template Engines

Twig, Blade, and similar template engines auto-escape output by default. This tool helps verify how a template engine would encode a given value, or prepare raw HTML strings for insertion.

HTML Attribute Values

Dynamic values in HTML attributes (titles, alt text, data attributes) may contain quotes. Encoding " and ' prevents attribute injection attacks and malformed markup.

Decoding Received HTML

Some APIs or data sources return HTML-encoded text. Use the Decode tab to convert entities back to plain text for processing or display outside of HTML context.