What are HTML entities and why do I need them?

HTML entities are special codes that represent characters with special meaning in HTML (like &) or characters difficult to type on a keyboard (like © ™ €). They prevent browsers from misinterpreting text as HTML tags. For example, to display a < sign without it being treated as an HTML tag, write < instead.

How do I encode HTML special characters?

To encode HTML special characters, paste your text into the input field and click Encode. The tool converts characters like &, , ", and ' into their HTML entity equivalents (&, <, >, ", '). You can choose named entities (&), decimal (&), or hexadecimal (&) encoding format.

What is the difference between named and numeric HTML entities?

Named entities like & and © are human-readable but only defined for specific characters. Numeric decimal entities like & and hex entities like & work for any Unicode character. All three represent the same character — choose named for readability and numeric for maximum compatibility or when encoding non-standard characters.

How do HTML entities prevent XSS attacks?

XSS (Cross-Site Scripting) attacks inject malicious scripts into web pages via user input. HTML encoding neutralizes these attacks by converting dangerous characters — particularly — into safe entities. Instead of <script> executing as code, the browser displays it as literal text. Always encode user input before rendering it in HTML to prevent XSS vulnerabilities.

HTML Entity Encoder Decoder - Free Online HTML Entities Tool

Free HTML Entity Encoder / Decoder

HTML entities are special codes used to represent characters that have a special meaning in HTML, or characters that cannot be easily typed on a keyboard. This tool converts between plain text and HTML entities instantly.

Why Encode HTML Entities?

Prevent XSS attacks — encoding user input stops script injection

Display HTML code — show tags as text instead of rendering them

Special characters — display ©, ™, €, arrows, and math symbols

Valid HTML — characters like <, >, & must be encoded in HTML

Named vs Numeric vs Hex Entities

& — Named entity (human-readable, not all characters have names)

& — Decimal numeric (works for any Unicode character)

& — Hexadecimal numeric (compact for higher code points)

Code Examples

// JavaScript — Encode function encodeHTML(str) { return str.replace(/[<>&"']/g, char => ({ '&': '&', '<': '<', '>': '>', '"': '"', "'": ''' }[char])); } // JavaScript — Decode function decodeHTML(str) { const textarea = document.createElement('textarea'); textarea.innerHTML = str; return textarea.value; } // Python import html encoded = html.escape('<div>Hello & World</div>') decoded = html.unescape('<div>Hello</div>') // PHP $encoded = htmlspecialchars('<p>Hello</p>'); $decoded = htmlspecialchars_decode('<p>Hello</p>');

Most Common HTML Entities

& → & (ampersand)

< → < (less than)

> → > (greater than)

" → " (double quote)

' → ' (single quote / apostrophe)

  → non-breaking space

— → — (em dash)

Frequently Asked Questions

What are HTML entities?

HTML entities are special codes used to represent characters with reserved meaning in HTML, such as < (less-than), > (greater-than), & (ampersand), and " (double quote). These characters would otherwise be interpreted as HTML syntax. Entities start with & and end with ;. For example, < renders as < and & renders as &.

How do I encode text for use in HTML?

Paste your text into the input field above and click Encode. The tool converts all special characters into their corresponding HTML entities. The most important characters to encode are < (<), > (>), & (&), and " ("). This ensures your content displays correctly and helps prevent cross-site scripting (XSS) vulnerabilities in web applications.

What is the difference between named and numeric entities?

Named entities use a descriptive name like   (non-breaking space) or © (©). Numeric entities use the character's Unicode code point: decimal like   or hexadecimal like  . Both refer to the same character. Named entities are more readable; numeric entities work for any Unicode character, even those without a named entity defined.

Do HTML entities prevent XSS attacks?

Yes. Encoding user-supplied input with HTML entities prevents cross-site scripting (XSS). If a user submits <script>alert('xss')</script>, encoding it as <script>... renders it as visible text rather than executing it. Always encode untrusted input before inserting it into HTML. Server-side encoding is more reliable than client-side for security-critical applications.

What are the most important HTML entities to know?

The five most critical entities are: < (less-than <), > (greater-than >), & (ampersand &), " (double quote "), and ' (single quote '). Common display entities include   (non-breaking space), © (©), — (—), « («), and » (»). These cover the vast majority of everyday HTML encoding needs.

HTML Entity Encoder / Decoder

Encoding Format

HTML Entity Reference

🚀 More Free Dev Tools