HTML Entity Encoder / Decoder
Encode special HTML characters into entities or decode entities back to text.
What is HTML Entity Encoder / Decoder?
HTML Entity Encoder / Decoder converts special characters to their HTML entity equivalents (e.g. < ↁE<)
and decodes them back. This prevents XSS (cross-site scripting) vulnerabilities when rendering user-supplied content in HTML.
How to use
- Paste your text into the input box.
- Click Encode to convert special HTML characters to entities.
- Click Decode to convert HTML entities back to characters.
- Copy the result with the Copy button.
Common HTML entities
&ↁE&<ↁE<>ↁE>"ↁE"'ↁE' ↁEnon-breaking space
FAQ
- Why do I need to encode HTML entities?
- Characters like
<,>, and&have special meaning in HTML. If user input containing these characters is inserted into HTML without encoding, a browser may execute it as code — a cross-site scripting (XSS) attack. - Should I encode all characters?
- Generally you only need to encode the five critical characters:
&,<,>,", and'. Over-encoding regular text can make it harder to read in source code. - What is the difference between named and numeric entities?
- Named entities like
&use a descriptive name. Numeric entities like&(decimal) or&(hex) use the Unicode code point. Both represent the same character.
Overview
Encode special characters into HTML entities and decode entities back to plain text. Essential for safely displaying code snippets, user input, and markup examples in web pages.
How to use
- Paste text containing special characters or HTML entities.
- Click Encode to convert characters like < > & into entities, or Decode for the reverse.
- Copy the converted result.
Examples
-
Show code in a blog post
Input: <div class="box">
Output: <div class="box">
-
Decode scraped text
Input: Fish & Chips
Output: Fish & Chips
Notes
- Encoding user input before inserting it into HTML helps prevent XSS attacks.
- Entities can be named (&), decimal (&), or hexadecimal (&).
- All conversion happens locally in your browser.
FAQ
- Why encode HTML entities?
- Characters like <, >, and & have special meaning in HTML. Encoding them makes browsers display them as text instead of interpreting them as markup.
- Does this prevent XSS by itself?
- Encoding output is one important layer. Combine it with proper templating, validation, and a Content Security Policy.
- Is my text uploaded?
- No. Encoding and decoding run entirely in your browser.
Embed this tool
Paste this iframe into any HTML page to embed HTML Entity Encoder / Decoder on your site:
Related Tools
-
UUID Generator
Generate random UUID v4 identifiers for apps, APIs, and databases.
-
Unix Timestamp Converter
Convert Unix timestamps to readable dates and dates back to Unix time.
-
JSON Formatter & Validator
Format and validate JSON with readable indentation and clear parse errors.
-
Hash Generator (SHA-256 / SHA-1)
Generate common text hashes including SHA-256 and SHA-1.
-
Regex Tester
Test regular expressions with flags and inspect all matches with capture groups.