$html-encoder
Encode special characters to HTML entities or decode HTML entities back to text. Supports named entities (&) and numeric entities (&). Everything runs in your browser.
Encodes & < > " and ' to named HTML entities. Use for escaping user content in HTML.
Also converts non-ASCII characters (é, ñ, ü, etc.) to numeric entities. Use when the target charset is ASCII-only.
HTML Entity Reference
| Character | Named | Decimal | Description |
|---|---|---|---|
| & | & | & | Ampersand |
| < | < | < | Less than |
| > | > | > | Greater than |
| " | " | " | Double quote |
| ' | ' | ' | Single quote / apostrophe |
| |   | Non-breaking space | |
| © | © | © | Copyright |
| — | — | — | Em dash |
// how-to
How to encode and decode HTML entities
Convert characters like < > & " to their HTML entity equivalents to prevent injection and layout breakage.
Paste the source
Type or paste markup, user input, or already-encoded text into the input box.
Encode or decode
Switch direction. Encoding turns < into <, and decoding does the reverse.
Pick named or numeric
Choose between named entities (©) or numeric references (©) depending on your target context.
Copy the output
Copy the encoded or decoded text straight to your clipboard.
// faq
- ? Which characters must I encode?
- At minimum: < > & " '. Encoding these prevents accidental tag creation and attribute-breaking in HTML output.
- ? Is HTML encoding enough to prevent XSS?
- No. HTML encoding helps for text content, but attributes, URLs, JavaScript, and CSS each need context-specific escaping.
- ? Numeric or named entity — which should I pick?
- Named entities are more readable; numeric entities work in any XML parser. For HTML5, either is fine.