๐Ÿ”ค Utilities

HTML Entity Encoder / Decoder

Convert special characters to HTML entities (& < > etc.) and back. Handles named entities, numeric entities and full document encoding.

๐Ÿ“– How to Use
โ–ผ
1
Paste text with special characters or HTML entities
2
Choose Encode or Decode
3
Copy the result โ€” safe to paste in HTML documents
๐Ÿ“ Examples
Encode
<div class="test">Hello & World</div>
&lt;div class=&quot;test&quot;&gt;Hello &amp; World&lt;/div&gt;
๐Ÿ“ Input
EncodeDecode
โœ… Output
๐Ÿ“‹ Common HTML Entities Reference

What is the HTML Entity Encoder / Decoder?

The HTML Entity Encoder converts special characters into their HTML entity equivalents โ€” for example, transforming < into &lt; and & into &amp; โ€” and reverses the process in decode mode. This is a critical operation in web development and security engineering because inserting raw user-generated content directly into HTML without encoding is the primary cause of Cross-Site Scripting (XSS) vulnerabilities, one of the most exploited classes of security bugs on the web.

HTML entity encoding is also essential when writing HTML documentation, embedding code samples in web pages, or working with template engines that generate HTML output. Knowing which characters must be encoded and when to encode them is a foundational web security skill for any developer building applications that display user input, parse third-party data, or render dynamic content in a browser.

When to Use This Tool

How It Works

Encoding replaces the five HTML-critical characters โ€” ampersand (&), less-than (<), greater-than (>), double quote ("), and single quote (') โ€” with their named or numeric HTML entity equivalents using simple string replacement. Decoding takes the reverse path by assigning the entity-encoded string as the innerHTML of a temporary <textarea> element and reading back the value property, which the browser automatically decodes. This approach leverages the browser's own HTML parser for decoding, ensuring correct handling of all named and numeric entities without maintaining a full entity lookup table.

Example Walkthrough

Suppose a support ticket form lets users paste raw text that gets rendered directly into an admin dashboard. A user submits the string:

Please fix the