Encode and decode HTML entities and special characters

0 characters

Common HTML Entities

&Ampersand
&
<Less than
&lt;
>Greater than
&gt;
"Double quote
&quot;
'Single quote
&#39;
©Copyright
&copy;
®Registered
&reg;
Trademark
&trade;
Euro
&euro;
Non-breaking space
&nbsp;
, encoding it to <script>... prevents the browser from executing it as code. Always encode untrusted input before displaying it in HTML."}},{"@type":"Question","name":"How do I show HTML code on my web page?","acceptedAnswer":{"@type":"Answer","text":"Encode the HTML code using this tool, then paste the encoded version into your page. The browser will display the encoded entities as visible text rather than interpreting them as HTML. For example: <div>Hello</div> displays as
Hello
(as text, not a real div)."}},{"@type":"Question","name":"Do I need to encode all special characters?","acceptedAnswer":{"@type":"Answer","text":"No. Only characters that have special meaning in HTML (&, <, >, \", ') MUST be encoded. Other characters (like © or €) can be encoded for compatibility, but don't have to be. Use named entities (©, €) or numeric entities (©, €) for symbols."}},{"@type":"Question","name":"What about international characters and emoji?","acceptedAnswer":{"@type":"Answer","text":"Modern HTML5 uses UTF-8 encoding, so most international characters and emoji can be used directly without encoding. However, for maximum compatibility with older systems, you can encode them numerically: emoji 🎉 encodes to 🎉 or 🎉. This tool focuses on the critical security entities."}}]}

📄 HTML Entity Encoder & Decoder — Free Online Tool

Encode special characters to HTML entities or decode them back. HTML entities represent reserved characters (< > & " ') and special symbols in a safe, displayable format (e.g., &lt; &amp; &euro;). Defined in the HTML/XML specifications and W3C standards, entity encoding is essential for preventing XSS attacks, displaying code in web pages, and handling international characters.

🚀 Why use this HTML Entity Encoder & Decoder tool?

Instantly encode and decode HTML entities with support for named entities (&copy;) and numeric entities (&#169;). 100% free, no registration, and complete privacy — everything runs locally in your browser, so your data never touches a server.

Key Features

Bidirectional Encoding

Switch between encode and decode modes to convert special characters to HTML entities or reverse the process.

🔒XSS Protection

Safely escape user input before displaying it in HTML to prevent Cross-Site Scripting attacks.

📋One-Click Copy

Copy encoded or decoded output directly to the clipboard.

📚Entity Reference

Built-in reference table of common HTML entities with names and descriptions.

Popular Use Cases

Web Development & Security

  • Escape user-generated content to prevent XSS (Cross-Site Scripting) attacks
  • Safely display code snippets in HTML
  • Encode form data before rendering in HTML responses

Content Management

  • Display mathematical symbols and currency in HTML/XML
  • Create HTML email templates with special characters
  • Format international content with language-specific characters

Documentation & Blogs

  • Show raw HTML code examples without browser interpretation
  • Escape angle brackets in API documentation
  • Display special characters correctly in content management systems

Worked example

HTML Entity Encoding Example

Original HTML

<div>Hello & goodbye</div>

Output:

&lt;div&gt;Hello &amp; goodbye&lt;/div&gt;

Sources & References

Frequently Asked Questions

What are HTML entities and why do I need them?

HTML entities are text representations of special characters that have meaning in HTML/XML, like < > & " and '. Characters like < are interpreted as tag delimiters, so to display them literally, you must encode them: &lt; &gt; &amp; &quot;. Entities are also used to display symbols (©, ®, €) and international characters safely.

What is the difference between named and numeric entities?

Named entities use a name (e.g., &copy; for ©, &euro; for €). Numeric entities use the character code: decimal (&#169; for ©) or hexadecimal (&#xa9; for ©). Both are valid and interchangeable. Named entities are more readable; numeric entities work for any Unicode character.

Why is HTML entity encoding important for security?

Encoding user input prevents Cross-Site Scripting (XSS) attacks. If a user submits <script>alert('XSS')</script>, encoding it to &lt;script&gt;... prevents the browser from executing it as code. Always encode untrusted input before displaying it in HTML.

How do I show HTML code on my web page?

Encode the HTML code using this tool, then paste the encoded version into your page. The browser will display the encoded entities as visible text rather than interpreting them as HTML. For example: &lt;div&gt;Hello&lt;/div&gt; displays as <div>Hello</div> (as text, not a real div).

Do I need to encode all special characters?

No. Only characters that have special meaning in HTML (&, <, >, ", ') MUST be encoded. Other characters (like © or €) can be encoded for compatibility, but don't have to be. Use named entities (&copy;, &euro;) or numeric entities (&#169;, &#8364;) for symbols.

What about international characters and emoji?

Modern HTML5 uses UTF-8 encoding, so most international characters and emoji can be used directly without encoding. However, for maximum compatibility with older systems, you can encode them numerically: emoji 🎉 encodes to &#127881; or &#x1f389;. This tool focuses on the critical security entities.

🎓 Pro Tips

  • Tip 1: Always encode user-submitted content before displaying it in HTML to prevent XSS attacks — this is a critical security practice.
  • Tip 2: The most common entities to remember: &lt; (<), &gt; (>), &amp; (&), &quot; ("), &#39; (').
  • Tip 3: Use named entities when readable (&#copy; for ©); numeric entities work for any character but are less readable.
  • Tip 4: When displaying code snippets, encode the HTML so browsers show it as text rather than executing it.
  • Tip 5: Modern HTML5 browsers handle UTF-8 well, so international characters often don't need encoding — but test in your target environment.