Encode special characters to HTML entities and decode them back. Supports named entities, numeric, and hex formats.
HTML entities are special character sequences that represent characters which would otherwise be interpreted as HTML markup or which cannot be typed directly. For example, < must be written as < inside HTML content to prevent the browser from treating it as a tag opener. This tool converts any text containing &, <, >, quotes, and extended Unicode characters into their entity equivalents — supporting named (©), decimal (©), and hexadecimal (©) formats.
Decoding works by using the browser's own HTML parser — the encoded string is injected into a temporary element and the resulting text content is read back, so even complex or nested entities are resolved correctly. No data is sent to any server at any point.
<pre> or <code> block without breaking the surrounding HTML.&) instead of named or decimal ones. Click any chip in the reference panel to copy its entity code directly.At minimum, you must encode & (to &), < (to <), and > (to >) when placing user data inside HTML content. Inside attribute values, you additionally need to encode " (to ") or ' (to ') depending on which quote delimiter the attribute uses.
Named entities like © are human-readable shortcuts defined by the HTML specification for commonly used characters. Numeric entities (decimal © or hex ©) reference the Unicode code point directly and work for any Unicode character, including those without a named entity.
HTML entity encoding prevents XSS when inserting content into HTML text nodes and attribute values, but it is not sufficient in all contexts. Content placed inside <script> tags requires JavaScript escaping, content in CSS requires CSS escaping, and URLs require URL encoding. Always use context-appropriate escaping and a Content Security Policy for defence in depth.