Convert special characters to HTML entities and back
Encode special characters like <, >, &, quotes, and non-ASCII characters into HTML entities. Decode them back to readable text. Essential for safely embedding text in HTML or preventing XSS. Runs entirely in your browser.
HTML entities are special codes that represent characters which have meaning in HTML syntax or aren't available on standard keyboards. The most common: &amp; for &, &lt; for <, &gt; for >, &quot; for ", and &nbsp; for non-breaking space. Without encoding, characters like < and > would be interpreted as HTML tags, breaking your page or creating security vulnerabilities (XSS attacks). This tool converts between raw text and HTML entities in both directions. Beyond security, entities are used for special characters like © (&copy;), ™ (&trade;), € (&euro;), and mathematical symbols. The encoder handles named entities where available and falls back to numeric codes for other characters.
Characters like < > & " have special meaning in HTML. Without encoding, a < in user content could start an HTML tag, breaking layout or enabling XSS attacks. Encoding converts them to safe representations.
Named: &amp; (human-readable). Numeric: &#38; (decimal) or &#x26; (hex). Named entities exist for common characters; numeric works for any Unicode character. Browsers support both equally.
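An added example, not the tool's own code: a minimal JavaScript encoder and decoder that follows the behaviour described above (named entity where one exists, numeric reference otherwise; named, decimal and hex forms accepted when decoding). The entity table is a small constructed subset, and the function names are assumptions.

```javascript
// Added example: small named-entity table (a constructed subset for illustration).
const NAMED = {
  '&': 'amp', '<': 'lt', '>': 'gt', '"': 'quot',
  '\u00A0': 'nbsp', '\u00A9': 'copy', '\u2122': 'trade', '\u20AC': 'euro',
};
// Reverse lookup for decoding; a Map avoids hits on Object.prototype keys.
const BY_NAME = new Map([['apos', "'"]]);
for (const [ch, name] of Object.entries(NAMED)) BY_NAME.set(name, ch);

// Encode HTML-special characters and every non-ASCII code point.
// Named entity where the table has one, otherwise a decimal reference.
function encodeEntities(text) {
  let out = '';
  for (const ch of text) {            // iterates by code point, so astral characters stay whole
    const cp = ch.codePointAt(0);
    if (NAMED[ch]) out += `&${NAMED[ch]};`;
    else if (ch === "'" || cp > 0x7E) out += `&#${cp};`;
    else out += ch;
  }
  return out;
}

// Decode named, decimal and hex references in a single pass.
// One pass matters: "&amp;lt;" must become the text "&lt;", never "<".
function decodeEntities(html) {
  return html.replace(/&(?:#x([0-9a-f]+)|#([0-9]+)|([a-z]+));/gi, (m, hex, dec, name) => {
    if (name !== undefined) return BY_NAME.has(name) ? BY_NAME.get(name) : m;
    const cp = hex !== undefined ? parseInt(hex, 16) : parseInt(dec, 10);
    const invalid = cp === 0 || cp > 0x10FFFF || (cp >= 0xD800 && cp <= 0xDFFF);
    return invalid ? '\uFFFD' : String.fromCodePoint(cp);
  });
}
```

The decoder is simplified: it recognises only the names in the table and leaves unknown names untouched.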
Only characters with special HTML meaning (&, <, >, ", ') need encoding. Regular text, letters, numbers, and most punctuation are fine as-is. Server-side frameworks usually auto-encode user input.
With UTF-8 encoding (standard for modern web), most characters can be used directly without entities. Entities are still required for HTML-special characters (<, >, &) and are useful for characters not on your keyboard.
XSS (Cross-Site Scripting) injects malicious HTML/JavaScript via user input. Encoding converts < to &lt; so