HTML Entity Encoder / Decoder
Encode special characters to HTML entities or decode entities back to plain text. Prevents XSS, ensures correct display.
Encode special characters into HTML entities (e.g. < → &lt;) or decode HTML entities back to readable text. Supports named, decimal, and hex entities.
FAQ
Why encode HTML entities?
When inserting user content into HTML, special characters like <, >, and & must be escaped to prevent them from being interpreted as HTML markup or causing XSS vulnerabilities.
What is the difference between named and numeric entities?
Named entities use a descriptive name (e.g. &copy;), decimal entities use a decimal code point (e.g. &#169;), and hex entities use hexadecimal (e.g. &#xA9;). All three represent the same character.
Does decoding support all HTML5 entities?
This tool decodes the most common named entities. For the complete HTML5 named character references list, refer to the WHATWG specification.
Frequently Asked Questions
Why should I encode HTML entities?
Encoding HTML entities prevents special characters like <, >, and & from being interpreted as HTML markup, which is essential for preventing XSS (Cross-Site Scripting) vulnerabilities.
What is the difference between named and numeric entities?
Named entities use a mnemonic name (e.g. &amp;), decimal entities use a numeric code point (e.g. &#38;), and hexadecimal entities use hex (e.g. &#x26;). All are equivalent.
When should I use HTML entity encoding?
Always encode user-generated content before rendering it as HTML. This prevents XSS attacks and ensures special characters display correctly in all browsers.
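The encoding and decoding described in the FAQ above, as an added example (not this tool's own code). The `NAMED` table is a small constructed subset of named entities, and quote characters are escaped as well on the assumption that the output may land in a quoted attribute value.

```javascript
// Added example: minimal HTML entity encoder/decoder (not the tool's own code).
// NAMED is a small constructed subset; the complete list is in the WHATWG spec.
const NAMED = { amp: "&", lt: "<", gt: ">", quot: '"', apos: "'", copy: "\u00A9", nbsp: "\u00A0" };

// Characters significant in HTML text and in quoted attribute values (assumption:
// quotes are included so the result is also safe inside attribute="...").
const ESCAPES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };

function encodeEntities(text) {
  // Single pass, so a literal "&" is escaped exactly once and never double-encoded.
  return String(text).replace(/[&<>"']/g, (ch) => ESCAPES[ch]);
}

function decodeEntities(html) {
  // Matches &name;  &#169;  &#xA9;  (this sketch requires the trailing semicolon).
  const pattern = /&(#[xX][0-9a-fA-F]+|#[0-9]+|[A-Za-z][A-Za-z0-9]*);/g;
  return String(html).replace(pattern, (match, body) => {
    if (body[0] !== "#") {
      // Unknown names are left untouched rather than guessed.
      return Object.prototype.hasOwnProperty.call(NAMED, body) ? NAMED[body] : match;
    }
    const isHex = body[1] === "x" || body[1] === "X";
    const codePoint = parseInt(body.slice(isHex ? 2 : 1), isHex ? 16 : 10);
    // NUL, surrogates and out-of-range values become U+FFFD (replacement character).
    if (codePoint === 0 || codePoint > 0x10ffff || (codePoint >= 0xd800 && codePoint <= 0xdfff)) {
      return "\uFFFD";
    }
    return String.fromCodePoint(codePoint);
  });
}

// Constructed sample input.
const sample = "<b>Tom & Jerry's</b>";
console.log(encodeEntities(sample));
console.log(decodeEntities("&copy; &#169; &#xA9;"));
```

Decoding is a single pass: `&amp;lt;` decodes to the text `&lt;`, not to `<`, so encoded input that is decoded once stays inert.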