Passer au contenu principal

Entités HTML

HTML entities encode characters that have special meaning in HTML (<, >, &, ") and characters outside the ASCII range (accented letters, symbols, emoji). Proper encoding prevents XSS vulnerabilities when displaying user input and ensures text renders correctly across all browsers and character sets.

Entrée

Sortie

Partager cet outil
Developer Tools

À propos de HTML Entity Encoder / Decoder

HTML entities encode characters that have special meaning in HTML (<, >, &, ") and characters outside the ASCII range (accented letters, symbols, emoji). Proper encoding prevents XSS vulnerabilities when displaying user input and ensures text renders correctly across all browsers and character sets.

Comment l'utiliser

  1. Paste text to encode HTML entities: & → &amp;, < → &lt;, > → &gt;, " → &quot;.
  2. Or paste HTML entities to decode them back to readable characters.
  3. Toggle between named entities (&amp;), decimal (&#38;), and hex (&#x26;) encoding.
  4. Use the XSS-safe mode to encode all potentially dangerous characters.

Formule et méthodologie

Named: & → &amp; < → &lt; > → &gt; " → &quot; ' → &#39; or &apos; (HTML5). Decimal: char → &#[decimal]; Hex: char → &#x[hex]; Special: copyright → &copy; trademark → &trade; registered → &reg; em-dash → &mdash; rsquo → &rsquo; ellipsis → &hellip;

Cas d'usage courants

  • Security: encoding user input before inserting into HTML to prevent XSS
  • Email templates: encoding special characters for email client compatibility
  • CMS: ensuring article content with < or > renders correctly
  • API responses: encoding HTML in JSON strings
  • Troubleshooting: diagnosing why & shows as &amp; in a page

Questions fréquentes

In JSON itself: no (JSON uses backslash escaping, not HTML entities). But if the JSON is output into an HTML context (embedded in a <script> tag or rendered directly in HTML), you must encode it. The dangerous case: PHP echo json_encode($data) inside a <script> — an attacker can inject </script> to break out. Always encode contextually, not generically.
Both represent the & character. &amp; is the named entity reference (human-readable). &#38; is the decimal numeric character reference. &#x26; is the hex numeric reference. All three produce identical output in the browser. Named entities are preferred for readability; numeric references are useful for characters without a named form.

Outils connexes

Tous les outils →

Intégrer cet outil sur votre site

Gratuit pour usage personnel et commercial. Copiez simplement le code ci-dessous.

to break out. Always encode contextually, not generically."}},{"@type":"Question","name":"What is the difference between & and &?","acceptedAnswer":{"@type":"Answer","text":"Both represent the & character. & is the named entity reference (human-readable). & is the decimal numeric character reference. & is the hex numeric reference. All three produce identical output in the browser. Named entities are preferred for readability; numeric references are useful for characters without a named form."}}]}