🌐

HTML Encoder / Decoder

Encode and decode HTML entities

Input

Output

Common HTML Entities

& → &

< → <

> → >

" → "

' → '

® → ®

™ → ™

€ → €

£ → £

About HTML Encoder / Decoder

Characters like <, >, &, and " have special meaning in HTML. If you put them directly in page content, the browser tries to parse them as markup. Encoding them as <, >, &, " tells the browser to render them as text. This is the basic mechanism behind XSS prevention — user input that contains <script> tags becomes harmless <script> after encoding. The Decoder reverses the process. Also handles numeric entities (< and < both represent <) and all Unicode named entities.

Common Use Cases

→Safely displaying user-submitted content in HTML
→Encoding code snippets for display in documentation or blog posts
→Decoding entities copied from websites or API responses
→Preparing content for HTML attributes that contain quote characters

Frequently Asked Questions

What are HTML entities?+

Named or numeric codes representing characters that have special HTML meaning or cannot be typed directly. Start with & and end with ;. Examples: < for <, & for &, © for ©,   for non-breaking space.

Why does this matter for security?+

Without encoding, an attacker submitting <script>steal(document.cookie)</script> as input could have it executed by the browser. Encoding converts < and > to entities, so the browser displays the text instead of running it.

HTML encoding vs URL encoding — what is the difference?+

Different contexts, different formats. HTML encoding uses &entity; for safe rendering in HTML markup. URL encoding uses %XX for safe transmission in URLs. You often need both — a URL in an href attribute needs both URL and HTML encoding.