HTML Entity Encoder/Decoder
HTML encoding converts special characters to entities to prevent XSS attacks and display literal text. Essential conversions: < becomes `&lt;`, > becomes `&gt;`, & becomes `&amp;`, " becomes `&quot;`, ' becomes `&#39;`. For example, `<script>alert("XSS")</script>` encodes to `&lt;script&gt;alert(&quot;XSS&quot;)&lt;/script&gt;`. Always encode user input before displaying it in HTML. URL encoding differs: spaces become %20, & becomes %26. Use HTML encoding for content, URL encoding for query parameters.
Encode special characters to HTML entities or decode HTML entities back to characters. Supports named entities (`&amp;`), numeric entities (`&#38;`), and hexadecimal entities (`&#x26;`).
Common HTML Entities Reference
| Char | Named | Numeric | Hex | Description |
|---|---|---|---|---|
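| & | `&amp;` | `&#38;` | `&#x26;` | Ampersand |
| < | `&lt;` | `&#60;` | `&#x3C;` | Less than |
| > | `&gt;` | `&#62;` | `&#x3E;` | Greater than |
| " | `&quot;` | `&#34;` | `&#x22;` | Double quote |
| ' | `&apos;` | `&#39;` | `&#x27;` | Single quote |
| (space) | `&nbsp;` | `&#160;` | `&#xA0;` | Non-breaking space |
| © | `&copy;` | `&#169;` | `&#xA9;` | Copyright |
| ® | `&reg;` | `&#174;` | `&#xAE;` | Registered |
| ™ | `&trade;` | `&#8482;` | `&#x2122;` | Trademark |
| € | `&euro;` | `&#8364;` | `&#x20AC;` | Euro sign |
| £ | `&pound;` | `&#163;` | `&#xA3;` | Pound sign |
| — | `&mdash;` | `&#8212;` | `&#x2014;` | Em dash |
| – | `&ndash;` | `&#8211;` | `&#x2013;` | En dash |
| • | `&bull;` | `&#8226;` | `&#x2022;` | Bullet |
| … | `&hellip;` | `&#8230;` | `&#x2026;` | Ellipsis |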
About HTML Entities
- Named entities: Human-readable, like `&amp;` for &
- Numeric entities: Decimal code points, like `&#38;` for &
- Hex entities: Hexadecimal code points, like `&#x26;` for &
- Why encode? Prevents HTML injection and displays special characters correctly
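A DOM-free encoder and decoder covering the five reserved characters and the three entity forms listed above, as an added example that is not this tool's own code; the names `encodeHtml`, `decodeHtml`, `ESCAPES` and the reduced `NAMED` table are assumptions for illustration. The decoder works in a single pass, so `&amp;lt;` becomes `&lt;` rather than `<`.

```javascript
// Added example (not this tool's code): encode and decode without a DOM.
const ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Subset of named entities from the reference table; names are case-sensitive.
const NAMED = { amp: '&', lt: '<', gt: '>', quot: '"', apos: "'", nbsp: '\u00A0',
  copy: '\u00A9', reg: '\u00AE', trade: '\u2122', euro: '\u20AC', pound: '\u00A3',
  mdash: '\u2014', ndash: '\u2013', bull: '\u2022', hellip: '\u2026' };

// Replace the five reserved characters in one pass so '&' is never double-encoded.
function encodeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => ESCAPES[ch]);
}

// Decode named, decimal and hex references; anything unrecognised is left as written.
function decodeHtml(text) {
  const pattern = /&(#[xX][0-9a-fA-F]+|#[0-9]+|[A-Za-z][A-Za-z0-9]*);/g;
  return String(text).replace(pattern, (whole, body) => {
    if (body[0] !== '#') {
      return Object.prototype.hasOwnProperty.call(NAMED, body) ? NAMED[body] : whole;
    }
    const hex = body[1] === 'x' || body[1] === 'X';
    const code = parseInt(body.slice(hex ? 2 : 1), hex ? 16 : 10);
    // Leave NUL, surrogate and out-of-range references undecoded.
    const valid = code > 0 && code <= 0x10FFFF && !(code >= 0xD800 && code <= 0xDFFF);
    return valid ? String.fromCodePoint(code) : whole;
  });
}

// The page's example string, then a constructed mix of entity forms.
console.log(encodeHtml('<script>alert("XSS")</script>'));
console.log(decodeHtml('&copy; &#169; &#xA9; &Copy; &amp;lt;'));
```

This encoding suits element content and quoted attribute values; it does not make input safe inside script blocks, style blocks or URLs.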
How to Use
- Enter your value in the input field
- Click the Calculate/Convert button
- Copy the result to your clipboard
Frequently Asked Questions
- What are HTML entities?
- HTML entities are special codes used to display reserved characters, symbols, and special characters in HTML. Named entities use names like `&amp;` (ampersand), `&lt;` (less than), `&gt;` (greater than). Numeric entities use decimal `&#38;` or hex `&#x26;` codes. They prevent HTML from misinterpreting characters as markup and allow displaying characters not on the keyboard.
- Why do I need to encode HTML?
- HTML encoding is essential to prevent breaking markup and protect against XSS (Cross-Site Scripting) attacks. Characters like <, >, &, and quotes have special meaning in HTML. For example, displaying `<script>` literally requires encoding it as `&lt;script&gt;`; otherwise the browser treats it as actual JavaScript. Always encode user input before displaying it in HTML.
- What characters need HTML encoding?
- Five characters must always be encoded in HTML content: & (`&amp;`), < (`&lt;`), > (`&gt;`), " (`&quot;` in attributes), and ' (`&#39;` in attributes). Additionally, encode non-breaking spaces (`&nbsp;`), copyright symbols (`&copy;`), and other special characters like é (`&eacute;`), — (`&mdash;`), and • (`&bull;`).
- What is the difference between named and numeric entities?
- Named entities use memorable names: `&copy;` for ©, `&euro;` for €, `&nbsp;` for non-breaking space. Numeric entities use character codes: `&#169;` (decimal) or `&#xA9;` (hexadecimal) for ©. Named entities are more readable but not all characters have names. Numeric entities work for any Unicode character. Both are decoded identically by browsers.
- How do I decode HTML entities in JavaScript?
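- In the browser, create a temporary element: `const el = document.createElement('div'); el.innerHTML = '&lt;p&gt;Hello&lt;/p&gt;'; const decoded = el.textContent;` returns "<p>Hello</p>". Or use DOMParser: `new DOMParser().parseFromString(text, 'text/html').documentElement.textContent`. Use the temporary-element approach only on trusted strings: assigning to innerHTML parses the input as markup, and event-handler attributes such as an img onerror can fire even on an element that is never attached to the page, whereas the document returned by DOMParser is inert and does not run scripts. For Node.js, use the html-entities library or he package.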
- Do I need to encode HTML in JSON?
- No, JSON does not interpret HTML tags or entities; it is a pure data format. HTML entities like `&lt;` will be stored literally as the string "&lt;" in JSON. However, if you will insert JSON data into HTML (e.g., innerHTML or dangerouslySetInnerHTML in React), encode it then. Encode at the point of rendering, not during JSON serialization.
- What is the difference between HTML encoding and URL encoding?
- HTML encoding converts characters to HTML entities (`&lt;`, `&amp;`) for safe display in HTML documents. URL encoding converts characters to percent-encoded format (%20 for space, %3C for <) for safe use in URLs. They serve different purposes: HTML encoding prevents markup interpretation, URL encoding makes URLs valid. Use HTML encoding for content, URL encoding for query strings and paths.
- Are HTML entities case-sensitive?
- Named HTML entities are case-sensitive: `&Amp;` is invalid; only `&amp;` works. `&Copy;` will not render ©; you must use `&copy;`. However, the HTML specification is lenient, and browsers may auto-correct common mistakes. Numeric entities (`&#169;`, `&#xA9;`) are not case-sensitive for the hex prefix: both `&#xA9;` and `&#XA9;` work, as do `&#xa9;` and `&#xA9;`.