HTML Entity Encoder / Decoder
Encode HTML special characters to entities or decode entities.
Common HTML entities reference
| Char | Entity | Char | Entity |
|---|---|---|---|
| & | & | < | < |
| > | > | " | " |
| ' | ' | | |
| © | © | ® | ® |
| ™ | ™ | € | € |
| £ | £ | ¥ | ¥ |
| ¢ | ¢ | § | § |
| ° | ° | ± | ± |
| × | × | ÷ | ÷ |
| ¼ | ¼ | ½ | ½ |
| ¾ | ¾ | – | – |
| — | — | ‘ | ‘ |
| ’ | ’ | “ | “ |
| ” | ” | • | • |
| … | … | ← | ← |
| → | → | ↑ | ↑ |
| ↓ | ↓ | ↔ | ↔ |
| ♠ | ♠ | ♣ | ♣ |
| ♥ | ♥ | ♦ | ♦ |
The 5 essential HTML characters to always encode
Any text that will be rendered as HTML content must have these five characters escaped to prevent parsing issues and XSS attacks:
&(ampersand) →&<(less than) →<>(greater than) →>"(double quote) →"'(single quote) →'
Three encoding modes explained
- Minimal: Only encodes the 5 HTML-special characters above. Use when rendering user content in HTML to prevent XSS.
- Named entities: Converts named characters (©, ®, €, →, etc.) to their HTML entity equivalents. Useful for typographically correct HTML.
- Numeric: Encodes all non-ASCII characters as decimal character references (&#xx;). Use when targeting strict ASCII-only HTML documents.
Decoding HTML entities
Switch to Decode mode to convert HTML entities back to readable characters. Useful for reading HTML source code, inspecting encoded email bodies, or processing HTML-encoded data from APIs.
Frequently asked questions
- What are HTML entities?
- HTML entities are special codes used to represent characters that either have special meaning in HTML or cannot be typed easily. They start with an ampersand (&) and end with a semicolon (;). For example, < represents < (which would otherwise start an HTML tag) and & represents & (which would otherwise start an entity).
- When do I need to encode HTML characters?
- Encode HTML characters when: (1) displaying user-submitted content in HTML to prevent XSS (Cross-Site Scripting) attacks — any < > & " ' must be encoded, (2) including special symbols like copyright ©, registered ®, or currency signs in HTML, (3) placing HTML code examples inside a web page for display.
- What is the difference between named and numeric entities?
- Named entities use a descriptive name: < for <, © for ©. Numeric entities use the character's decimal (<) or hex (<) Unicode code point. Named entities are more readable; numeric entities work for any character, even those without a named equivalent. All browsers support both.
- What is XSS and how does encoding prevent it?
- Cross-Site Scripting (XSS) is an attack where malicious JavaScript is injected into a web page via unescaped user input. If a user submits <script>alert(1)</script> and it is rendered as HTML, the script executes. Encoding the < and > as < and > makes the browser display the text literally instead of executing it as HTML.
- What is the minimal encoding level?
- Minimal encoding only escapes the 5 characters with special meaning in HTML: & (→ &), < (→ <), > (→ >), " (→ "), and ' (→ '). This is the minimum required to safely embed text in HTML and prevent XSS. Use this level when you need to display user input in an HTML page.
Related tools
- JSON Formatter
Format, beautify, minify, and validate JSON in your browser
- QR Code Generator
Generate QR codes for URLs, text, Wi-Fi, and more. Download as PNG.
- Password Generator
Generate strong, random passwords with custom length and character sets.
- Base64 Encoder / Decoder
Encode text to Base64 or decode Base64 back to plain text.
- URL Encoder / Decoder
Encode or decode URLs and query strings with percent-encoding.