Free Online HTML Entity Encoder & Decoder
Encode and decode HTML entities. Convert special characters to HTML entities and back with named and numeric entity support.
html Input HTML
code Output Result
Characters: 0 | Bytes: 0
Characters: 0 | Bytes: 0
Common HTML Entities Reference
| Character | HTML Entity | Description |
|---|---|---|
| & | & | Ampersand |
| < | < | Less than |
| > | > | Greater than |
| " | " | Double quote |
| ' | ' | Single quote |
| Space | | Non-breaking space |
| © | © | Copyright |
| ® | ® | Registered trademark |
| ™ | ™ | Trademark |
| € | € | Euro sign |
Key Features
Fast Processing
All operations run locally in your browser for instant results with no server latency.
Privacy Protected
Your data never leaves your browser. No server storage or tracking.
Frequently Asked Questions
Basics
What are HTML entities?
HTML entities are codes that start with an ampersand (&) and end with a semicolon (;), used to display reserved or hard-to-type characters in HTML documents. For example, the entity for < is <, and the entity for > is >.
Why encode HTML entities?
There are two main reasons: First, to prevent XSS (Cross-Site Scripting) attacks - if user input contains <script> tags, encoding converts them to plain text. Second, to ensure special characters display correctly across different encodings and browsers.
Which characters are encoded?
This tool encodes: & (&), < (<), > (>), " ("), ' ('), © (©), ® (®), ™ (™), € (€), and all non-ASCII characters.
Technical Details
What is the difference between named entities and numeric entities?
Named entities (&, <, ©) use a mnemonic abbreviation that is easier to read. Numeric entities use the character's Unicode code point in either decimal (©) or hexadecimal (©) format. Browsers support both equally.
When is HTML entity encoding a sufficient XSS defense?
HTML entity encoding is sufficient when inserting untrusted data into the text content of an HTML element body. It is NOT sufficient for data placed inside HTML attribute values, JavaScript blocks, CSS, or URL parameters.