HTML Entity Encoder
Encode HTML special characters to entities, or decode entities back to characters.
About HTML Entities
HTML entities are special codes used to represent characters that have special meaning in HTML, or characters that can't be typed directly. The five characters that must be escaped in HTML are: & (ampersand → &amp;), < (less-than → &lt;), > (greater-than → &gt;), " (double quote → &quot;), and ' (single quote → &#39;). Failing to escape these in user-generated content is one of the leading causes of XSS (Cross-Site Scripting) vulnerabilities.
HTML entities can also represent characters not available on standard keyboards, like copyright symbols (&copy; → ©), em dashes (&mdash; → —), and mathematical symbols. This encoder handles both named entities and numeric (decimal and hex) entities.
How to Use
- Choose Encode to convert special characters to HTML entities, or Decode to reverse.
- Paste or type text in the left panel; the result appears instantly on the right.
- Click any entity in the reference grid to insert it into the input field.
- Click Copy to copy the output, or Swap to flip input and output.
Frequently Asked Questions
<script>alert('XSS')</script> and you display it without encoding, the browser executes it as JavaScript. HTML entity encoding ensures the text is displayed literally instead. Always encode before inserting into HTML, including attributes, text nodes, and title elements.
&amp;, &copy;, &mdash;. Numeric entities use the Unicode code point as a decimal (&#169;) or hexadecimal (&#xA9;) number. Named entities only exist for a subset of characters; numeric entities work for every Unicode character. Both forms are valid HTML and display identically in browsers.
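The encode and decode behaviour described above, as an added JavaScript example that is not this tool's own code. The function names and the small named-entity table are assumptions for illustration; the decoder resolves every entity in a single pass, so an already-escaped sequence is unwrapped by exactly one level.

```javascript
// Added example (not the tool's code). Function names are hypothetical.
const ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Assumption: a small subset of named entities; HTML defines many more.
const NAMED = { amp: '&', lt: '<', gt: '>', quot: '"', apos: "'", copy: '\u00A9', mdash: '\u2014' };

// Escape the five significant characters in one pass, so the '&' produced
// by one replacement is never escaped a second time.
// Suitable for text nodes and quoted attribute values; URLs and inline
// script are different contexts and need their own encoding.
function encodeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => ESCAPES[ch]);
}

// Additionally turn every non-ASCII code point into a numeric entity,
// decimal by default or hexadecimal when hex is true.
function encodeNonAscii(text, hex = false) {
  return Array.from(encodeHtml(text), (ch) => {
    const cp = ch.codePointAt(0);
    if (cp < 0x80) return ch;
    return hex ? `&#x${cp.toString(16).toUpperCase()};` : `&#${cp};`;
  }).join('');
}

// Decode named, decimal and hex entities in a single pass. Decoding in
// several sequential passes would turn "&amp;lt;" into "<" (double decode).
function decodeHtml(text) {
  const pattern = /&(#[xX][0-9a-fA-F]+|#[0-9]+|[A-Za-z][A-Za-z0-9]*);/g;
  return String(text).replace(pattern, (match, body) => {
    if (body[0] !== '#') {
      // Unknown names are left untouched rather than guessed at.
      return Object.prototype.hasOwnProperty.call(NAMED, body) ? NAMED[body] : match;
    }
    const isHex = body[1] === 'x' || body[1] === 'X';
    const cp = parseInt(body.slice(isHex ? 2 : 1), isHex ? 16 : 10);
    // NUL, surrogates and out-of-range values become U+FFFD.
    if (cp === 0 || cp > 0x10FFFF || (cp >= 0xD800 && cp <= 0xDFFF)) return '\uFFFD';
    return String.fromCodePoint(cp);
  });
}
```
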