HTML Entities Encoder/Decoder

Encode special characters to HTML entities or decode HTML entities back to original characters. Essential for preventing XSS attacks and displaying reserved HTML characters.

Input
Enter HTML to encode
Output
Encoded HTML entities

What are HTML Entities?

HTML entities are special codes used to represent reserved characters and symbols in HTML. They start with an ampersand (&) and end with a semicolon (;), making it possible to display characters that would otherwise be interpreted as HTML code.

Why Use HTML Entities?

HTML entities are essential for:

  • Displaying reserved HTML characters like <, >, and & as text
  • Preventing XSS (Cross-Site Scripting) attacks by encoding user input
  • Displaying special symbols and non-ASCII characters
  • Ensuring proper HTML rendering across different browsers

Common HTML Entities

Reserved Characters

  • <&lt; (less than)
  • >&gt; (greater than)
  • &&amp; (ampersand)
  • "&quot; (double quote)
  • '&#39; or &apos; (single quote/apostrophe)

Special Symbols

  • ©&copy; (copyright)
  • ®&reg; (registered trademark)
  • &trade; (trademark)
  • &euro; (euro sign)
  • £&pound; (pound sign)

Spacing

  • Non-breaking space → &nbsp;
  • En dash → &ndash;
  • Em dash → &mdash;

Encoding vs Decoding

Encoding converts special characters to their HTML entity equivalents, making them safe to display in HTML without being interpreted as code.

Decoding converts HTML entities back to their original characters for display or processing.

Security Importance

Always encode user-generated content before displaying it in HTML to prevent XSS attacks. HTML entity encoding is a fundamental security practice in web development.

Example

Original Text: <script>alert('Hello')</script>

Encoded: &lt;script&gt;alert(&#39;Hello&#39;)&lt;/script&gt;

When rendered, the encoded version displays the text literally instead of executing as JavaScript code.