Html Entities
HTML entities encode characters that have special meaning in HTML (<, >, &, ") and characters outside the ASCII range (accented letters, symbols, emoji). Proper encoding prevents XSS vulnerabilities when displaying user input and ensures text renders correctly across all browsers and character sets.
Input
Output
About the HTML Entity Encoder / Decoder
HTML entities encode characters that have special meaning in HTML (<, >, &, ") and characters outside the ASCII range (accented letters, symbols, emoji). Proper encoding prevents XSS vulnerabilities when displaying user input and ensures text renders correctly across all browsers and character sets.
How to use it
- Paste text to encode HTML entities: & → &, < → <, > → >, " → ".
- Or paste HTML entities to decode them back to readable characters.
- Toggle between named entities (&), decimal (&), and hex (&) encoding.
- Use the XSS-safe mode to encode all potentially dangerous characters.
Formula & methodology
Named: & → & < → < > → > " → " ' → ' or ' (HTML5). Decimal: char → &#[decimal]; Hex: char → &#x[hex]; Special: copyright → © trademark → ™ registered → ® em-dash → — rsquo → ’ ellipsis → …
Common use cases
- Security: encoding user input before inserting into HTML to prevent XSS
- Email templates: encoding special characters for email client compatibility
- CMS: ensuring article content with < or > renders correctly
- API responses: encoding HTML in JSON strings
- Troubleshooting: diagnosing why & shows as & in a page
Frequently asked questions
Related tools
All Tools →Embed this tool on your site
Free for personal and commercial use. Just copy the snippet below.