HTML Encoder/Decoder
Encode special HTML characters to entities or decode HTML entities back to characters.
How to use
1. Select Encode to convert special HTML characters (< > & " ') into HTML entities, or Decode to reverse.
2. Paste your HTML snippet or raw text into the input.
3. The converted output appears instantly.
4. Click Copy and paste it safely into HTML attributes or template literals.
Key features
- Converts < > & " ' to HTML entities and back
- Prevents XSS risks when embedding user input in HTML
- Real-time output with no page reload
- Works for any HTML snippet or attribute value
What are HTML Entities?
HTML entities are escape sequences that represent characters that either have special meaning in HTML or cannot appear directly in text. &lt; means less-than sign, &amp; means ampersand, and so on.
Without encoding, a stray < in user-generated content breaks the HTML structure, and a stray & triggers a parser warning. More critically, unencoded user input is the root cause of Cross-Site Scripting (XSS) attacks — one of the most common web vulnerabilities (OWASP Top 10).
Common Use Cases
Preventing XSS attacks
Encode user-submitted content before rendering it in HTML to prevent injected scripts from executing.
Displaying code snippets
Encode HTML examples inside <pre> or <code> blocks so angle brackets render as text, not markup.
Email template HTML
Encode special characters in email body HTML to avoid breaking rendering across email clients.
CMS and rich text editors
Decode HTML entities returned from a CMS API to render stored content correctly in a frontend app.
Sanitizing form inputs
Encode data from text fields before inserting it into an HTML template on the server side.
Debugging malformed HTML
Paste raw HTML with entity issues to see which characters are incorrectly encoded or double-encoded.
Essential HTML Entities
The characters you'll most often need to encode in HTML.
| Character | Named entity | Numeric entity | Why it matters |
|---|---|---|---|
| < | &lt; | &#60; | Opens HTML tags — must be escaped |
| > | &gt; | &#62; | Closes HTML tags |
| & | &amp; | &#38; | Starts entity sequences — always escape |
| " | &quot; | &#34; | Breaks attribute values in double quotes |
| ' | &apos; | &#39; | Breaks attribute values in single quotes |
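
The encode and decode steps for the five characters in the table, plus a check for the double-encoding case mentioned under "Debugging malformed HTML", as an added example (not this tool's own code). The function names are hypothetical, the sample strings are constructed, and the apostrophe is emitted as &#39; by choice.

```javascript
// Added example: encodeHtml, decodeHtml and findDoubleEncoded are hypothetical names.
const ENCODE = new Map([['&', '&amp;'], ['<', '&lt;'], ['>', '&gt;'], ['"', '&quot;'], ["'", '&#39;']]);
const NAMED = new Map([['amp', '&'], ['lt', '<'], ['gt', '>'], ['quot', '"'], ['apos', "'"]]);
const CODES = [34, 38, 39, 60, 62]; // " & ' < >
const ENTITY_RE = /&(?:#(\d+)|#[xX]([0-9a-fA-F]+)|([a-z]+));/g;
const DOUBLE_RE = /&amp;(?:#\d+|#[xX][0-9a-fA-F]+|[a-z]+);/g;

// One pass over the input: the "&" emitted for one character is never
// scanned again, so "<" becomes "&lt;" and not "&amp;lt;".
function encodeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => ENCODE.get(ch));
}

// Decodes only the five characters, in named, decimal or hex form.
// Any other reference (e.g. &nbsp;) or out-of-range number is returned unchanged.
function decodeHtml(text) {
  return String(text).replace(ENTITY_RE, (match, dec, hex, name) => {
    if (name) return NAMED.get(name) ?? match;
    const code = dec ? parseInt(dec, 10) : parseInt(hex, 16);
    return CODES.includes(code) ? String.fromCharCode(code) : match;
  });
}

// Heuristic: "&amp;" directly followed by the rest of an entity usually
// means the text was encoded twice. Text that deliberately shows entity
// source (documentation about entities) matches too, so review the hits.
function findDoubleEncoded(text) {
  return String(text).match(DOUBLE_RE) ?? [];
}

// Constructed sample input containing all five characters.
const sample = `<a href="x">Tom & Jerry's</a>`;
const once = encodeHtml(sample);
const twice = encodeHtml(once); // what a second encoding layer produces

console.log(once);
console.log(decodeHtml(once) === sample);
console.log(findDoubleEncoded(twice).length, 'double-encoded entities');
```

This encoding covers HTML text and quoted attribute values; values placed inside script blocks, URLs or CSS need the encoding for that context instead.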