HTML Entity Encoder / Decoder
Encode & decode HTML entities for safe HTML rendering
No data is sent to any server — everything runs client-side
Plain Text
Text with special characters
Encoded Output
HTML-safe entities
What Are HTML Entities?
HTML entities are special character sequences that represent reserved characters in HTML. Characters like <, >, and & have special meaning in HTML — the browser interprets them as tag delimiters and entity markers. To display these characters as text, you must encode them as entities.
There are two types: named entities (like &) and numeric entities (like &). Named entities are human-readable, while numeric entities can represent any Unicode character.
Common HTML Entities Reference
| Character | Named | Numeric | Description |
|---|---|---|---|
| & | & | & | Ampersand |
| < | < | < | Less than |
| > | > | > | Greater than |
| " | " | " | Double quote |
| © | © | © | Copyright |
| ™ | ™ | ™ | Trademark |
| — | — | — | Em dash |
| |   | Non-breaking space |
Why Encoding Matters: XSS Prevention
HTML entity encoding is the primary defense against Cross-Site Scripting (XSS) attacks. When user input is rendered as HTML without encoding, an attacker can inject <script> tags that execute arbitrary JavaScript in other users' browsers. Encoding ensures that < becomes <, preventing the browser from interpreting it as markup.
Related Tools
How to Use the HTML Entity Encoder
Choose Encode or Decode
Select the "Encode" tab to convert special characters to HTML entities, or the "Decode" tab to reverse HTML entities back to their original characters.
Choose an encoding mode (Encode only)
Named mode (&amp;) replaces known special characters with their HTML entity names. Numeric mode (&) uses decimal code points. "All non-ASCII" encodes every character outside the basic ASCII range.
Paste your input
Enter the text containing special characters (to encode) or HTML entities (to decode) into the input textarea.
Copy the result
Click the Encode/Decode button. The result appears in the output panel. Click "Copy" to copy it to your clipboard.
Frequently Asked Questions
What is the difference between named and numeric HTML entities?▼
Named entities (&amp;, &lt;, &copy;) are human-readable aliases for specific characters. Numeric entities (&, <) use the Unicode code point in decimal or hexadecimal (&). Named entities are more readable; numeric entities cover any Unicode character.
Do I need to encode all non-ASCII characters?▼
Only if your HTML document does not declare UTF-8 encoding. Modern HTML documents with <meta charset="UTF-8"> can include non-ASCII text directly without encoding. You should always encode <, >, &, and " in element attributes and text content regardless of charset.
Why is &nbsp; different from a regular space?▼
&nbsp; is a non-breaking space — browsers will never wrap a line at a &nbsp;. It also does not collapse with adjacent spaces. Use it to prevent line breaks between words or to add fixed spacing in HTML.
Does HTML entity encoding prevent XSS?▼
Yes, when applied correctly. Encoding < as &lt; and & as &amp; prevents user input from being interpreted as HTML markup. This must be applied on every user-controlled value rendered in HTML context.
What is the difference between HTML entities and URL encoding?▼
HTML entities encode characters for safe display inside HTML documents. URL encoding (percent-encoding) encodes characters for safe use inside URLs. They use different syntaxes and serve different contexts — a space is &nbsp; in HTML but %20 in URLs.
Further Reading
Built by JDApplications