HTML Encoder / Decoder
Encode special characters as HTML entities or decode them back. Free, instant.
What Is HTML Encoding?
HTML encoding converts characters that have special meaning in HTML — like <, > and & — into safe entity equivalents that browsers display as text rather than interpret as markup. For example, < becomes &lt; so the browser renders a literal less-than sign instead of starting an HTML tag. HTML decoding reverses this — converting entities back to their original characters so you can read encoded source without digging through entities manually.
Common HTML Entity Reference
| Character | Entity name | Entity number | Use case |
|---|---|---|---|
| & | &amp; | &#38; | Ampersand in text and URLs |
| < | &lt; | &#60; | Less-than / opening tag character |
| > | &gt; | &#62; | Greater-than / closing tag character |
| " | &quot; | &#34; | Double quote inside HTML attributes |
| ' | &apos; | &#39; | Single quote in HTML5 and XML |
| © | &copy; | &#169; | Copyright symbol |
| ® | &reg; | &#174; | Registered trademark symbol |
| € | &euro; | &#8364; | Euro currency sign |
Why HTML Encoding Matters for Security
Cross-site scripting (XSS) attacks inject malicious scripts into web pages by exploiting unencoded user input. If a user submits <script>alert(1)</script> and your application displays it raw, the browser executes it. Encoding all user-supplied content before displaying it in HTML prevents the browser from interpreting the content as markup. This is one of the most fundamental security practices in web development — every web framework provides an HTML encoding function for exactly this reason.
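The encoding and decoding described above, as an added JavaScript example (not this tool's own code): a single-pass encoder for the five markup-significant characters and a decoder for named, decimal and hex entities. The function names and sample strings are constructed for illustration, and the encoder is meant for HTML body text and quoted attribute values only.

```javascript
// Added example: the five markup-significant characters from the entity table.
// &#39; is used for the single quote because it is valid in every HTML version.
const ENCODE = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
const NAMED = { amp: '&', lt: '<', gt: '>', quot: '"', apos: "'",
                copy: '\u00A9', reg: '\u00AE', euro: '\u20AC' };

// Encode in a single pass so the '&' produced by one replacement is never
// re-encoded by a later one (the "&amp;lt;" double-encoding bug).
function encodeHtml(input) {
  return String(input).replace(/[&<>"']/g, (ch) => ENCODE[ch]);
}

// Decode in a single pass as well: "&amp;lt;" must decode to the text "&lt;",
// not all the way to "<", or encoded markup comes back to life.
function decodeHtml(input) {
  const entity = /&(#[xX][0-9a-fA-F]+|#[0-9]+|[A-Za-z][A-Za-z0-9]*);/g;
  return String(input).replace(entity, (match, body) => {
    if (body[0] !== '#') {
      // Unknown names are left untouched rather than guessed at.
      return Object.prototype.hasOwnProperty.call(NAMED, body) ? NAMED[body] : match;
    }
    const hex = body[1] === 'x' || body[1] === 'X';
    const code = parseInt(body.slice(hex ? 2 : 1), hex ? 16 : 10);
    // Reject NUL, surrogates and values beyond the Unicode range.
    const valid = code > 0 && code <= 0x10FFFF && !(code >= 0xD800 && code <= 0xDFFF);
    return valid ? String.fromCodePoint(code) : match;
  });
}

// Constructed sample input: the payload quoted in the text plus quoted text.
const samples = ['<script>alert(1)</script>', 'He said "hi" & left', "Tom & Jerry's"];
for (const s of samples) {
  const enc = encodeHtml(s);
  console.log(enc, decodeHtml(enc) === s ? '(round-trips)' : '(MISMATCH)');
}
```

Values placed inside script blocks, inline event handlers, CSS or URLs need the encoding for that context instead of this one.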
HTML Encoding vs URL Encoding
| | HTML encoding | URL encoding |
|---|---|---|
| Purpose | Safe display in HTML documents | Safe transmission in URLs and query strings |
| Format | Named entities (&amp;) or numeric (&#38;) | Percent sequences (%26) |
| Example: & | &amp; | %26 |
| Example: space | or left as-is | %20 or + |