Encode and decode HTML entities for safe display in web pages.
Why encode HTML? Encoding special characters as HTML entities prevents browsers from interpreting them as HTML code, protecting against XSS attacks and ensuring text displays correctly.
Paste text containing special characters to encode, or paste HTML with entity codes to decode back to plain text.
Encoding converts characters like < > & into safe HTML entities. Decoding reverses this — converting entities back to their original characters.
Copy the encoded output to paste safely into HTML attributes, JSON strings, or anywhere that special characters would break syntax.
| Character | Named Entity | Numeric | When to Use |
|---|---|---|---|
| < | `&lt;` | `&#60;` | Inside text content to prevent tag interpretation |
| > | `&gt;` | `&#62;` | Inside text content to prevent tag interpretation |
| & | `&amp;` | `&#38;` | Always encode & in HTML to avoid entity confusion |
| " | `&quot;` | `&#34;` | Inside HTML attribute values using double quotes |
| ' | `&apos;` | `&#39;` | Inside HTML attribute values using single quotes |
| (space) | `&nbsp;` | `&#160;` | Non-breaking space; prevents line break between words |
| © | `&copy;` | `&#169;` | Copyright symbol |
| ® | `&reg;` | `&#174;` | Registered trademark symbol |
| ™ | `&trade;` | `&#8482;` | Trademark symbol |
| € | `&euro;` | `&#8364;` | Euro currency symbol |
| — | `&mdash;` | `&#8212;` | Em dash for punctuation in prose |
| … | `&hellip;` | `&#8230;` | Ellipsis for truncated text |
The characters < > & " must always be encoded when inserting user-provided content into HTML. Leaving them unencoded allows malicious HTML or JavaScript to be injected into your page, an attack known as XSS (cross-site scripting). Always encode output, and never trust raw user input in an HTML context.
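The encoding and decoding rules above, as a JavaScript sketch for HTML text and quoted-attribute contexts. This is an added example, not the tool's own code; the names `encodeHtml`, `decodeHtml` and `renderComment` are hypothetical and the sample input is constructed. Both directions work in a single pass, so `&amp;lt;` decodes to the text `&lt;` rather than to `<`.

```javascript
// Added example; function names are hypothetical, sample inputs are constructed.
const ENCODE = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
const NAMED = {
  amp: '&', lt: '<', gt: '>', quot: '"', apos: "'", nbsp: '\u00A0', copy: '\u00A9',
  reg: '\u00AE', trade: '\u2122', euro: '\u20AC', mdash: '\u2014', hellip: '\u2026',
};

// Encode in a single pass so the "&" of an entity just written is never re-encoded.
function encodeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => ENCODE[ch]);
}

// Decode in a single pass: "&amp;lt;" becomes the text "&lt;", never "<".
function decodeHtml(html) {
  return String(html).replace(/&(#x[0-9a-f]+|#[0-9]+|[a-z]+);/gi, (match, body) => {
    if (body[0] !== '#') {
      // Own-property check so names like "constructor" are not looked up on the prototype.
      return Object.prototype.hasOwnProperty.call(NAMED, body) ? NAMED[body] : match;
    }
    const isHex = body[1] === 'x' || body[1] === 'X';
    const code = parseInt(body.slice(isHex ? 2 : 1), isHex ? 16 : 10);
    // Leave NUL, surrogates and out-of-range values untouched instead of throwing.
    const invalid = code === 0 || code > 0x10ffff || (code >= 0xd800 && code <= 0xdfff);
    return invalid ? match : String.fromCodePoint(code);
  });
}

// Untrusted values go through encodeHtml for both text and a double-quoted attribute.
function renderComment(author, body) {
  return `<p title="${encodeHtml(author)}">${encodeHtml(body)}</p>`;
}

console.log(renderComment('Ann" data-x="1', '<b>5 > 3 & 2 < 4</b>'));
```

The encoded quote keeps the constructed author value inside the `title` attribute, and the markup in the body is displayed as text instead of being parsed.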
Common questions about HTML Entity Encoder