HTML Entity Encoder / Decoder
Encode special characters to HTML entities or decode HTML entities back to characters.
What is an HTML Entity Encoder / Decoder?
HTML entities are special codes used to represent characters that have reserved meanings in HTML,
or characters that cannot easily be typed. For example, the less-than sign <
must be written as < inside HTML, otherwise the browser
interprets it as the start of a tag.
This tool lets you instantly encode raw text into safe HTML entity representation, or decode entity-encoded HTML back to its original readable form — with real-time live preview as you type.
How to Use This Tool
- Choose Encode mode to convert special characters to HTML entities (e.g.,
<,&). - Choose Decode mode to convert HTML entities back to readable characters.
- Enable Named Entities to use human-readable names like
&instead of numeric codes like&. - Enable Encode Non-ASCII to also encode accented letters and symbols.
- Click any entity in the reference table to insert it into the input field.
- Use Swap to reverse input/output for quick back-and-forth testing.
Common Use Cases
- Safely embedding user input into HTML pages to prevent XSS attacks.
- Preparing content for CMS editors, blog posts, and email templates.
- Debugging encoded HTML from APIs or databases.
- Encoding special symbols like © ® ™ ← → in web copy.
- Teaching and learning HTML entity syntax.
What characters need to be encoded in HTML?
The five essential characters are < (less-than),
> (greater-than), & (ampersand),
" (double quote), and ' (single quote).
These have special meaning in HTML and must be escaped to display correctly.
What is the difference between named and numeric entities?
Named entities use a descriptive name (e.g., © for ©),
while numeric entities use the Unicode code point — either decimal
(©) or hexadecimal (©).
Named entities are more readable; numeric ones work for any Unicode character.
Does encoding prevent XSS attacks?
Properly HTML-encoding user-supplied input before inserting it into a page is one of the
primary defenses against Cross-Site Scripting (XSS). It ensures that characters like
< and > cannot form
executable script tags. Always combine encoding with proper Content Security Policy headers for full protection.
Why should I encode quotes?
Quotes matter when inserting values inside HTML attribute values (e.g.,
value="..."). If your text contains a double quote,
it would break the attribute syntax unless encoded as ".
What does "Encode Non-ASCII" do?
When enabled, all characters outside the standard ASCII range (code points above 127) — such as accented letters (é, ü), currency symbols (€, ¥), and emoji — are converted to numeric HTML entities. This is useful when targeting environments that cannot reliably handle UTF-8 encoding.
Can this tool decode all types of HTML entities?
Yes. The decoder handles named entities (like ),
decimal numeric entities ( ), and hexadecimal
numeric entities ( ). It uses the browser's
built-in parser for full compatibility with the HTML specification.
