HTML Entity Encode/Decode

Encode and decode HTML entities.

How to Use

Paste HTML or plain text into the input area and click Encode to convert special characters (like <, >, &, and quotes) into their HTML entity equivalents. Click Decode to convert HTML entities back to their original characters. Both named entities (&amp;) and numeric entities (&#38;) are supported.

Common Use Cases

  • Escaping user-generated content before rendering it in HTML to prevent XSS
  • Preparing code snippets for display in blog posts or documentation pages
  • Decoding HTML entities in scraped web content to extract clean text
  • Converting special characters for safe inclusion in XML documents

Frequently Asked Questions

What is the difference between named and numeric HTML entities?

Named entities use readable labels like &amp; for & and &lt; for <. Numeric entities use Unicode code points like &#38; or &#x26;. Both are valid HTML; named entities are more readable but not available for every character.

Which characters must be encoded in HTML?

At minimum, you must encode < (&lt;), > (&gt;), & (&amp;), and both quotation marks, " (&quot;) and ' (&#39;), to prevent the browser from interpreting them as HTML markup.

Does encoding HTML entities prevent XSS attacks?

Encoding output is one important layer of XSS prevention, but it is not sufficient alone. You should also validate and sanitize input, use Content Security Policy headers, and follow the OWASP XSS prevention cheat sheet.
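
The FAQ answers above, as an added example that is not this tool's own code: an encoder for the five characters listed, a single-pass decoder for named, decimal and hexadecimal entities, and a check showing why encoding alone does not make a value safe in a URL attribute. The function names, the small named-entity table, the scheme allow-list and the placeholder base URL are assumptions made for illustration.

```javascript
// Added example: names and tables below are illustrative assumptions.
const ENCODE_MAP = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
// Small named-entity subset; a complete decoder needs the full HTML entity table.
const NAMED = new Map([['amp', '&'], ['lt', '<'], ['gt', '>'], ['quot', '"'], ['apos', "'"]]);

// Escape the five characters that must be encoded for HTML body and quoted attributes.
function encodeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => ENCODE_MAP[ch]);
}

// Decode named, decimal (&#38;) and hex (&#x26;) entities in ONE pass, so
// double-encoded input such as "&amp;lt;" yields "&lt;" and not "<".
function decodeHtml(text) {
  return String(text).replace(/&(#[xX][0-9a-fA-F]+|#[0-9]+|[a-zA-Z]+);/g, (match, body) => {
    if (body[0] !== '#') return NAMED.has(body) ? NAMED.get(body) : match;
    const isHex = body[1] === 'x' || body[1] === 'X';
    const code = parseInt(body.slice(isHex ? 2 : 1), isHex ? 16 : 10);
    // Leave NUL, surrogates and out-of-range values as written.
    if (code === 0 || code > 0x10ffff || (code >= 0xd800 && code <= 0xdfff)) return match;
    return String.fromCodePoint(code);
  });
}

// A URL scheme contains none of the five characters, so encodeHtml() passes it
// through unchanged. Validate the scheme first, then encode for the attribute.
function safeHref(url) {
  let parsed;
  try {
    parsed = new URL(url, 'https://example.invalid/'); // constructed placeholder base
  } catch {
    return '#';
  }
  const allowed = ['http:', 'https:', 'mailto:'];
  return allowed.includes(parsed.protocol) ? encodeHtml(url) : '#';
}
```

The output of `encodeHtml` is suitable for HTML element content and quoted attribute values; values placed inside script blocks, style rules or URL attributes need the validation or encoding for that context as well.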