HTML Entity Encoder / Decoder
Encode special characters to HTML entities and decode them back. Handles &, <, >, ", and all common entities. Useful for safely embedding user input in HTML or decoding encoded markup.
How to use
- Choose Encode to convert characters like <, >, &, and quotes to HTML entities.
- Choose Decode to convert HTML entities back to readable characters.
- Paste your text and the result appears instantly.
- Use the reference table at the bottom to look up specific entities.
Related tools:
HTML entities encode characters that would otherwise be interpreted as HTML markup. The < character starts an HTML tag - to display a literal less-than sign on a webpage you write < instead. The ampersand itself must be written as & or the browser will try to parse it as the start of another entity.
This comes up when building HTML templates, inserting user-generated content into HTML (without entity encoding, a user could inject script tags - an XSS vulnerability), or when working with XML and XHTML which are strict about special characters. The decoder goes the other way, converting & back to & for working with the actual text content.
Frequently Asked Questions
What are the most important HTML entities to know?
The five critical ones: < for <, > for >, & for &, " for ", ' for '. Everything else is optional - you can encode accented and special characters as entities but modern UTF-8 pages can include them directly.
Does HTML entity encoding prevent XSS?
Encoding user input for HTML context prevents most XSS. But it must be done correctly for the right context - HTML body encoding is different from HTML attribute, JavaScript, CSS, and URL contexts. Entity encoding alone does not cover all cases; use a proper template engine or sanitisation library.
What is the difference between & and &?
Both represent the ampersand. & is a named entity; & is a decimal numeric entity (ASCII code 38). & is the hexadecimal version. Named entities are more readable; numeric entities work even when named entities are not supported.