HTML Entity Encoder & Decoder
Html Decode
Decode HTML entities to plain text instantly. Convert & < > and numeric codes. Free, private, works offline.
Html Encode
Encode HTML entities to escape special characters. Convert < > & " to safe HTML entities. Prevent XSS attacks. Free, private, instant.
Html Special Chars
Encode HTML special characters with visual reference. Convert symbols to entities. See character codes, names, and usage. Browser-based, instant.
HTML Entity Encoding
HTML uses certain characters for syntax: < and > for tags, & for entities, quotes for attributes. When these characters appear in content, they must be encoded as entities to display correctly and prevent security issues.
Essential Entities
- < — Less than (<)
- > — Greater than (>)
- & — Ampersand (&)
- " — Double quote (")
- ' — Single quote/apostrophe (')
Security: Preventing XSS
Cross-site scripting (XSS) attacks inject malicious scripts through unescaped user input. When displaying user-generated content, encoding prevents <script> tags from executing. Always encode untrusted data before rendering in HTML.
Named vs Numeric Entities
Named entities like © (©) are readable but not available for all characters.
Numeric entities like © (also ©) work for any Unicode character. Use decimal (©) or hexadecimal (©) format.
Displaying Code
When showing HTML code examples on web pages, encode all tags so they display as text rather than being interpreted. This is essential for documentation and tutorials.