HTML Entity Encoder & Decoder

Safely encode special HTML characters to their entity equivalents, or decode them back to plain text — XSS-safe, instant, and 100% in your browser.


What are HTML Entities?

HTML entities are special character sequences used in HTML to represent characters that have reserved meaning in the HTML specification — or characters that cannot be typed directly in source code. They always start with an ampersand (&) and end with a semicolon (;).

There are three forms of HTML entity:

  • Named entity (&lt;): A human-readable name defined in the HTML specification (e.g., &lt; for <).
  • Decimal numeric entity (&#60;): A decimal Unicode code point prefixed with # (e.g., &#60; for <).
  • Hexadecimal numeric entity (&#x3C;): A hex Unicode code point prefixed with #x (e.g., &#x3C; for <).

Why Encode HTML? XSS Prevention Explained

Cross-Site Scripting (XSS) is one of the most prevalent web security vulnerabilities. It occurs when an attacker injects malicious JavaScript into a web page that other users view — allowing cookie theft, session hijacking, and defacement.

The Attack Vector

If a web application accepts user input and renders it directly into HTML without encoding, an attacker can submit a payload like <script>document.cookie</script> which the browser will execute as real JavaScript.

The Fix: Output Encoding

By encoding the output before rendering, the dangerous < and > characters become &lt; and &gt;, which the browser displays as literal text instead of executing as markup.

About This Tool's Safety

Our encoder and decoder use a pure TypeScript character-by-character mapping with no innerHTML, no eval, and no DOM manipulation. The output can be safely embedded into HTML templates without risk of executing malicious code.
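
A character-by-character mapping of the kind described above, written as an added JavaScript example; it is not this tool's source code. The function names encodeHtml and decodeHtml are hypothetical, and the NAMED table is a small subset of the HTML named entities chosen for illustration.

```javascript
// Added example: entity encoding/decoding as a pure string mapping
// (no innerHTML, no eval, no DOM). Names and tables are illustrative.
// ENCODE covers the markup-significant characters from the cheat sheet.
const ENCODE = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;",
                 "'": "&#39;", "/": "&#47;", "`": "&#96;", "=": "&#61;" };

// Assumption: a subset of named entities, not the full HTML list.
const NAMED = { amp: "&", lt: "<", gt: ">", quot: '"', nbsp: "\u00A0",
                copy: "\u00A9", reg: "\u00AE", trade: "\u2122", euro: "\u20AC",
                pound: "\u00A3", mdash: "\u2014", hellip: "\u2026" };

function encodeHtml(text) {
  // Single pass: the "&" of an entity we just emitted is never re-encoded.
  return String(text).replace(/[&<>"'\/`=]/g, (ch) => ENCODE[ch]);
}

function decodeHtml(text) {
  // Single pass as well: "&amp;lt;" decodes to the text "&lt;", never on to "<".
  return String(text).replace(/&(#x[0-9a-f]+|#[0-9]+|[a-z]+);/gi, (match, body) => {
    if (body[0] !== "#") {
      // Own-property check so "&constructor;" cannot reach Object.prototype.
      const known = Object.prototype.hasOwnProperty.call(NAMED, body);
      return known ? NAMED[body] : match; // unknown name: leave untouched
    }
    const isHex = body[1] === "x" || body[1] === "X";
    const cp = parseInt(body.slice(isHex ? 2 : 1), isHex ? 16 : 10);
    // NUL, surrogates and out-of-range values become U+FFFD instead of throwing.
    const valid = cp > 0 && cp <= 0x10ffff && !(cp >= 0xd800 && cp <= 0xdfff);
    return valid ? String.fromCodePoint(cp) : "\uFFFD";
  });
}
```

Entity encoding of this kind protects text placed in HTML element content and quoted attribute values; data written into script blocks, URLs or CSS needs the encoding for that context instead.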

Common HTML Entities Cheat Sheet

These are the characters most critical to encode when rendering user-supplied content in HTML:

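| Character | Description | Named Entity | Numeric Entity |
| --- | --- | --- | --- |
| < | Less-than sign (open tag) | &lt; | &#60; |
| > | Greater-than sign (close tag) | &gt; | &#62; |
| & | Ampersand (entity start) | &amp; | &#38; |
| " | Double quote (attr value) | &quot; | &#34; |
| ' | Single quote / apostrophe | &#39; | &#39; |
| / | Forward slash | &#47; | &#47; |
| ` | Backtick | &#96; | &#96; |
| = | Equals sign | &#61; | &#61; |
| (invisible) | Non-breaking space | &nbsp; | &#160; |
| © | Copyright symbol | &copy; | &#169; |
| ® | Registered trademark | &reg; | &#174; |
| ™ | Trademark symbol | &trade; | &#8482; |
| € | Euro sign | &euro; | &#8364; |
| £ | Pound sterling | &pound; | &#163; |
| — | Em dash | &mdash; | &#8212; |
| … | Ellipsis | &hellip; | &#8230; |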