HTML Entity Encoder / Decoder

HTML Entity Encoder / Decoder — Free online HTML entity encoder and decoder. Escape HTML special characters to prevent XSS and rendering issues, or decode HTML entities back to readable text. Supports named, decimal, and hex entities.

0Input length

0Output length

0Encoded

Ess.Mode

Plain text / HTML

Escaped HTML

Plain text / HTML

Escaped HTML

How to encode and decode HTML entities

Choose Encode or Decode. Encode escapes characters for safe HTML insertion; Decode converts entities back to plain text.
Choose Essential or All chars mode (encode only). Essential encodes the five critical characters — & < > " '. All chars additionally encodes accented letters, symbols, and emoji as numeric entities.
Paste your text or HTML. The result appears instantly.
Use Swap to round-trip the output back through the tool.

Essential HTML entities reference

Character	Entity	Numeric	Why it matters
&	&	&	Starts all entities — must be encoded first
<	<	<	Opens HTML tags — raw < breaks markup
>	>	>	Closes HTML tags
"	"	"	Delimits attribute values in double quotes
'	'	'	Delimits attribute values in single quotes
©	©	©	Copyright — commonly needed
—	—	—	Em dash — often pasted as a raw character
…	…	…	Ellipsis — three dots as one glyph

When to use each mode

Essential mode is correct for the vast majority of use cases. Encoding the five critical characters is sufficient to prevent HTML injection, XSS, and layout breakage when inserting user-generated content into HTML.

All chars mode is useful for generating HTML email that must render correctly in old email clients that do not support UTF-8, or for embedding text in HTML documents with a non-UTF-8 charset declaration. Modern browsers handle UTF-8 natively so raw Unicode in HTML is fine.

Related tools: URL Encoder for percent-encoding URLs, Base64 Encoder for binary-to-text encoding, or the JSON Formatter to validate and format JSON.

Frequently Asked Questions

What are HTML entities?

HTML entities are special codes used to represent characters that have meaning in HTML (like < > & ") or characters not easily typed on a keyboard. They start with & and end with ; — for example < represents < and & represents &.

Why do I need to encode HTML characters?

If you insert raw characters like < or & into HTML without encoding them, the browser may interpret them as HTML tags or entity starts, breaking your layout or creating security vulnerabilities (XSS). Encoding them as < and & makes them display correctly as text.

What is the difference between Essential and All modes?

Essential mode encodes only the five critical characters: & < > " '. This is sufficient for safely inserting text into HTML. All mode additionally encodes any character outside basic ASCII (accented letters, symbols, emoji) as numeric entities — useful for maximum compatibility with older systems.

What types of entities can this tool decode?

The decoder handles named entities (& < © etc.), decimal numeric entities (A), and hexadecimal numeric entities (A). Unknown named entities are left unchanged.

Does this prevent XSS attacks?

Encoding user input with HTML entities before inserting it into HTML prevents most reflected XSS attacks. However, context matters — encoding for HTML attributes, JavaScript strings, and CSS requires different escaping rules. This tool handles HTML text content and attribute values.