HTML Entity Encoder / Decoder
Free HTML entity encoder decoder online — no signup required. Convert special characters like <, >, &, and " to HTML entities and back, instantly client-side in your browser.
Plain text → HTML entities
Result will appear here.
Common HTML Entities
| Character | Entity Name | Numeric | Description |
|---|---|---|---|
| & | & | & | Ampersand |
| < | < | < | Less than |
| > | > | > | Greater than |
| " | " | " | Double quote |
| ' | ' | ' | Single quote |
| |   | Non-breaking space | |
| © | © | © | Copyright |
| ® | ® | ® | Registered trademark |
| ™ | ™ | ™ | Trademark |
| € | € | € | Euro sign |
| £ | £ | £ | Pound sign |
| — | — | — | Em dash |
Features
- Encodes all special HTML characters (&, <, >, ", ')
- Decodes numeric (<), hex (<), and named (<) entities
- Real-time preview as you type
- Handles both basic and extended HTML entities
- Useful for XSS prevention and email template debugging
Frequently Asked Questions
What are HTML entities?
HTML entities are special sequences used to represent characters that have a specific meaning in HTML — such as < (<), > (>), & (&), and " ("). They ensure characters are displayed correctly rather than interpreted as HTML markup.
When do I need to encode HTML entities?
Encoding is essential when inserting user-provided content into an HTML page, building email templates, debugging API responses that contain HTML, or generating HTML from a server to prevent cross-site scripting (XSS) attacks.
What is the difference between HTML encode and escape?
In practice, HTML encoding and escaping refer to the same process — converting special characters to their entity form. 'Encode' is the common term for conversion, while 'escape' is often used in a security context.
How do I encode HTML entities online for free?
Paste your text into the input box and click Encode. All special characters are instantly converted to their HTML entity equivalents. The tool runs entirely in your browser — no signup, no data sent to any server.
How do HTML entities prevent XSS attacks?
XSS (Cross-Site Scripting) attacks inject malicious scripts via user input. Encoding characters like < to < and > to > ensures the browser renders them as text rather than executing them as code, blocking injection.