HTML Entity Encoder / Decoder

Encode special characters to HTML entities and decode them back. Handles &, <, >, ", and all common entities. Useful for safely embedding user input in HTML or decoding encoded markup.

Common HTML Entities
&&amp;
<&lt;
>&gt;
"&quot;
'&#39;
©&copy;
®&reg;
&trade;
&euro;
£&pound;
¥&yen;
NBSP&nbsp;
&rarr;
&larr;
×&times;
÷&divide;

How to use

  1. Choose Encode to convert characters like <, >, &, and quotes to HTML entities.
  2. Choose Decode to convert HTML entities back to readable characters.
  3. Paste your text and the result appears instantly.
  4. Use the reference table at the bottom to look up specific entities.

HTML entities encode characters that would otherwise be interpreted as HTML markup. The < character starts an HTML tag - to display a literal less-than sign on a webpage you write &lt; instead. The ampersand itself must be written as &amp; or the browser will try to parse it as the start of another entity.

This comes up when building HTML templates, inserting user-generated content into HTML (without entity encoding, a user could inject script tags - an XSS vulnerability), or when working with XML and XHTML which are strict about special characters. The decoder goes the other way, converting &amp; back to & for working with the actual text content.

Frequently Asked Questions

What are the most important HTML entities to know?

The five critical ones: &lt; for <, &gt; for >, &amp; for &, &quot; for ", &apos; for '. Everything else is optional - you can encode accented and special characters as entities but modern UTF-8 pages can include them directly.

Does HTML entity encoding prevent XSS?

Encoding user input for HTML context prevents most XSS. But it must be done correctly for the right context - HTML body encoding is different from HTML attribute, JavaScript, CSS, and URL contexts. Entity encoding alone does not cover all cases; use a proper template engine or sanitisation library.

What is the difference between &amp; and &#38;?

Both represent the ampersand. &amp; is a named entity; &#38; is a decimal numeric entity (ASCII code 38). &#x26; is the hexadecimal version. Named entities are more readable; numeric entities work even when named entities are not supported.

HTML Entity Encoder / Decoder | ToolHaven