A Lot Of Tools
Toggle language
Toggle theme
Back

HTML Encoder/Decoder

Mode

Select encode or decode mode

Options

Convert " and ' to entities

Encode every character, not just special ones

Use < instead of <

Text Input

0 chars

HTML Encoded Output

0 chars

Common HTML Entities

<&lt;
>&gt;
&&amp;
"&quot;
'&#39;
©&copy;
®&reg;
&trade;
 &nbsp;
&euro;
£&pound;
°&deg;

Related Tools

URL Encoder/Decoder

Percent encoding for URLs

Base64 Encoder/Decoder

Base64 encoding conversion

Find and Replace

Search and replace text

What are HTML Entities?

HTML entities are special codes used to represent characters that have special meaning in HTML or cannot be easily typed on a keyboard. They allow you to display reserved characters like <, >, and & as text rather than HTML markup.

This free online tool converts text to HTML entities (encoding) or converts HTML entities back to readable text (decoding). It supports both named entities (like &amp;) and numeric entities (like &#38;).

All processing happens directly in your browser - your data never leaves your device.

Common Uses for HTML Encoding

Displaying Code

Show HTML, XML, or code snippets on web pages without the browser interpreting them as markup.

Security (XSS Prevention)

Encode user input before displaying it to prevent Cross-Site Scripting (XSS) attacks.

Special Characters

Display copyright symbols, trademark signs, currency symbols, and other special characters that aren't on standard keyboards.

Email Templates

Ensure special characters display correctly in HTML emails across different email clients.

Frequently Asked Questions

What's the difference between named and numeric entities?

Named entities use descriptive names like &amp; for &, making them more readable. Numeric entities use character codes like &#38; (decimal) or &#x26; (hexadecimal). Both produce the same result, but named entities are easier to remember while numeric entities can represent any Unicode character.

Which characters need to be encoded?

The essential characters to encode are: & (ampersand), < (less than), > (greater than), and " (double quote in attributes). Single quotes should also be encoded in attributes. For security, it's best to encode all special characters when displaying user input.

How does HTML encoding prevent XSS attacks?

XSS attacks inject malicious scripts through user input. By encoding characters like < and >, script tags become harmless text (&lt;script&gt;) instead of executable code. Always encode user-provided content before displaying it.

Is my data sent to a server?

No. All encoding and decoding happens entirely in your browser using JavaScript. Your data never leaves your device, making this tool completely private and secure.