HTML Entity Encoder & Decoder
Use our free HTML Entity Encoder/Decoder to convert special characters to HTML entities and back. Prevent XSS attacks and display HTML safely.
Encode & Decode HTML Entities
Convert special characters like <, >, &, " to their HTML entity equivalents and back. Essential for preventing XSS and displaying HTML safely.
How to Use
- Enter HTML/text on the left, click Encode
- Or paste entities on the right, click Decode
- Preview shows how the decoded HTML renders
- Copy results with the copy buttons
Common Use Cases
- Prevent XSS attacks
- Display code in HTML
- Escape user input
- Email templates
- CMS content
- Decode scraped data
Common HTML Entities
| Character | Entity Name | Entity Number | Description |
|---|---|---|---|
| & | `&amp;` | `&#38;` | Ampersand |
| < | `&lt;` | `&#60;` | Less than |
| > | `&gt;` | `&#62;` | Greater than |
| " | `&quot;` | `&#34;` | Double quote |
| ' | `&apos;` | `&#39;` | Single quote |
|   | `&nbsp;` | `&#160;` | Non-breaking space |
| © | `&copy;` | `&#169;` | Copyright |
| ® | `&reg;` | `&#174;` | Registered |
FAQ – HTML Entity Encoder
What are HTML entities?
HTML entities are special codes that represent characters which have meaning in HTML (like < and >) or aren't on a standard keyboard (like © and €).
Why encode HTML entities?
To prevent browsers from interpreting special characters as HTML tags. This prevents XSS attacks and ensures text displays correctly.
What is XSS?
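Cross-Site Scripting (XSS) is a security vulnerability where attackers inject malicious scripts through unescaped user input. HTML encoding prevents this when the input is placed in HTML element content or quoted attribute values; input placed inside scripts, URLs or CSS needs the encoding for that context instead.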
Is my data safe?
Yes. All processing happens in your browser. Nothing is sent to any server.
Named vs numeric entities?
Named entities (`&amp;`) are readable but limited. Numeric entities (`&#38;`) work for any Unicode character. Both produce the same result.
When should I encode?
Always encode user-generated content before inserting into HTML. This includes form inputs, comments, usernames, and any untrusted data.
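A minimal encoder and single-pass decoder for the entities in the table above, as an added example that is not this tool's own code. The function names and sample strings are constructed for illustration.

```javascript
// Added example: names and sample data are constructed, not the tool's own code.
const ENCODE = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Named entities from the table above (names are case-sensitive).
const NAMED = new Map([
  ['amp', '&'], ['lt', '<'], ['gt', '>'], ['quot', '"'], ['apos', "'"],
  ['nbsp', '\u00A0'], ['copy', '\u00A9'], ['reg', '\u00AE'],
]);

// Encode the five characters that change how HTML is parsed.
// One regex pass, so the "&" inside a freshly written "&lt;" is never re-encoded.
function encodeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => ENCODE[ch]);
}

// Decode named, decimal (&#60;) and hex (&#x3C;) entities in a single pass.
// Single pass matters: "&amp;lt;" must become the text "&lt;", never "<".
function decodeHtml(text) {
  return String(text).replace(/&(#x[0-9a-f]+|#[0-9]+|[a-z]+);/gi, (match, body) => {
    if (body[0] !== '#') {
      return NAMED.has(body) ? NAMED.get(body) : match; // unknown names stay as-is
    }
    const isHex = body[1] === 'x' || body[1] === 'X';
    const cp = isHex ? parseInt(body.slice(2), 16) : parseInt(body.slice(1), 10);
    // Reject NUL and values outside Unicode instead of throwing.
    return cp > 0 && cp <= 0x10FFFF ? String.fromCodePoint(cp) : match;
  });
}

// Build a comment fragment: untrusted values are encoded at the point of output,
// and the attribute value is quoted so an encoded quote cannot end it.
function renderComment(author, body) {
  return `<p title="${encodeHtml(author)}">${encodeHtml(body)}</p>`;
}

// Constructed sample input.
const sample = '<script>alert("hi")</script> Tom & Jerry';
console.log(encodeHtml(sample));
console.log(decodeHtml(encodeHtml(sample)) === sample); // round-trip check
console.log(renderComment('Ann "Dev" O\'Neil', 'x < y'));
```

Encoding text that is already encoded adds a second layer (`&lt;` becomes `&amp;lt;`), so encode once, at the point where the value is written into HTML.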