تخطى إلى المحتوى الرئيسي

كيانات HTML

HTML entities encode characters that have special meaning in HTML (<, >, &, ") and characters outside the ASCII range (accented letters, symbols, emoji). Proper encoding prevents XSS vulnerabilities when displaying user input and ensures text renders correctly across all browsers and character sets.

المدخلات

المخرجات

شارك هذه الأداة
Developer Tools

حول HTML Entity Encoder / Decoder

HTML entities encode characters that have special meaning in HTML (<, >, &, ") and characters outside the ASCII range (accented letters, symbols, emoji). Proper encoding prevents XSS vulnerabilities when displaying user input and ensures text renders correctly across all browsers and character sets.

كيفية الاستخدام

  1. Paste text to encode HTML entities: & → &amp;, < → &lt;, > → &gt;, " → &quot;.
  2. Or paste HTML entities to decode them back to readable characters.
  3. Toggle between named entities (&amp;), decimal (&#38;), and hex (&#x26;) encoding.
  4. Use the XSS-safe mode to encode all potentially dangerous characters.

الصيغة والمنهجية

Named: & → &amp; < → &lt; > → &gt; " → &quot; ' → &#39; or &apos; (HTML5). Decimal: char → &#[decimal]; Hex: char → &#x[hex]; Special: copyright → &copy; trademark → &trade; registered → &reg; em-dash → &mdash; rsquo → &rsquo; ellipsis → &hellip;

حالات الاستخدام الشائعة

  • Security: encoding user input before inserting into HTML to prevent XSS
  • Email templates: encoding special characters for email client compatibility
  • CMS: ensuring article content with < or > renders correctly
  • API responses: encoding HTML in JSON strings
  • Troubleshooting: diagnosing why & shows as &amp; in a page

الأسئلة الشائعة

In JSON itself: no (JSON uses backslash escaping, not HTML entities). But if the JSON is output into an HTML context (embedded in a <script> tag or rendered directly in HTML), you must encode it. The dangerous case: PHP echo json_encode($data) inside a <script> — an attacker can inject </script> to break out. Always encode contextually, not generically.
Both represent the & character. &amp; is the named entity reference (human-readable). &#38; is the decimal numeric character reference. &#x26; is the hex numeric reference. All three produce identical output in the browser. Named entities are preferred for readability; numeric references are useful for characters without a named form.

أدوات ذات صلة

كل الأدوات →

دمج هذه الأداة في موقعك

مجاني للاستخدام الشخصي والتجاري. فقط انسخ الكود أدناه.

to break out. Always encode contextually, not generically."}},{"@type":"Question","name":"What is the difference between & and &?","acceptedAnswer":{"@type":"Answer","text":"Both represent the & character. & is the named entity reference (human-readable). & is the decimal numeric character reference. & is the hex numeric reference. All three produce identical output in the browser. Named entities are preferred for readability; numeric references are useful for characters without a named form."}}]}