HTML Entity Encoder / Decoder
Escape HTML special characters to entities or unescape them back. Supports named, decimal, and hex numeric entities. Real-time, client-side.
Encode mode escapes < > & " ' to safe named entities. Enable Encode all non-ASCII to also convert characters like é ü © to numeric entities (useful for legacy encodings). Decode mode handles named entities, decimal {#160;}, and hex {#xa0;} forms.
Frequently Asked Questions
What are HTML entities?
HTML entities are special character sequences used to represent characters that have meaning in HTML markup or that cannot be typed directly. For example, < is the less-than sign but in HTML it opens a tag, so you must write < to display it literally. Entities can be named (&), decimal numeric (&), or hexadecimal numeric (&) — all three forms represent the same character.
Why should I encode HTML before displaying user content?
Encoding HTML entities is a critical security practice. If you display raw user input in a web page without encoding it, an attacker can inject malicious <script> tags or event handlers — a vulnerability known as Cross-Site Scripting (XSS). By escaping < > & " and ' to their entity equivalents, you ensure the browser renders the characters as text rather than interpreting them as HTML.
Is my data sent anywhere?
No. All encoding and decoding is performed in your browser using pure JavaScript string operations. Nothing you type or paste is sent to any server. You can disconnect from the internet and the tool will continue to work.
What is the difference between named and numeric HTML entities?
Named entities use a descriptive name preceded by & and followed by ; — for example & for ampersand or © for the copyright symbol. Numeric entities use the Unicode code point: decimal form is & and hex form is &. Every named entity has a numeric equivalent, but not every character has a named entity. When in doubt, numeric entities are universally supported.