HTML Entity Encoder / Decoder
Encode special characters to HTML entities or decode HTML entities back to text. Supports named entities (&amp;), numeric entities (&#38;), and hex entities (&#x26;). Essential for preventing XSS and displaying special characters.
How to Use the HTML Entity Encoder / Decoder
Select Encode or Decode mode, choose your preferred entity format (named, decimal, or hexadecimal), and paste your text. The output updates in real time. Named entities like &amp; are the most readable. Decimal entities like &#38; work universally. Hex entities like &#x26; are common in programming. Use the Swap button to quickly decode your encoded output. The reference grid at the bottom shows the most common HTML entities; click any to insert it into your input.
Why Encode HTML Entities?
HTML entity encoding is essential for web security and correct display. Characters like <, >, &, and " have special meaning in HTML. If user input containing these characters is displayed without encoding, it creates Cross-Site Scripting (XSS) vulnerabilities, one of the OWASP Top 10 security risks. Encoding converts these characters to safe entity references that browsers render as text instead of interpreting as HTML tags or JavaScript code. For URL and Base64 encoding, see our string encoder/decoder.
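The three entity formats and the decode direction, as an added example (not this tool's own code; the function names encodeEntities and decodeEntities and the sample string are assumptions made for illustration). It covers only the five HTML-significant characters, which is what matters for HTML text and quoted attribute values, and it decodes in a single pass so that already-escaped text such as &amp;lt; is not unescaped twice.

```javascript
// Added example: hypothetical helper names, not the tool's implementation.
const NAMED = { '&': 'amp', '<': 'lt', '>': 'gt', '"': 'quot' };
const BY_NAME = new Map([['amp', '&'], ['lt', '<'], ['gt', '>'], ['quot', '"'], ['apos', "'"]]);

// Encode the five characters that can change HTML structure.
// format: 'named' | 'decimal' | 'hex'
function encodeEntities(text, format = 'named') {
  return text.replace(/[&<>"']/g, (ch) => {
    const cp = ch.codePointAt(0);
    if (format === 'hex') return `&#x${cp.toString(16).toUpperCase()};`;
    // The apostrophe has no entry in NAMED, so named mode falls through
    // to the decimal form (&#39;) for it.
    if (format === 'named' && NAMED[ch]) return `&${NAMED[ch]};`;
    return `&#${cp};`;
  });
}

// Decode named, decimal and hex references in ONE pass over the input.
// Looping until nothing changes would turn "&amp;lt;" into "<" and undo
// escaping that the author of the text applied on purpose.
function decodeEntities(text) {
  const ref = /&(?:#(\d+)|#[xX]([0-9a-fA-F]+)|([A-Za-z]+));/g;
  return text.replace(ref, (match, dec, hex, name) => {
    if (name !== undefined) {
      // Unknown names are left untouched rather than guessed at.
      return BY_NAME.has(name) ? BY_NAME.get(name) : match;
    }
    const cp = dec !== undefined ? parseInt(dec, 10) : parseInt(hex, 16);
    // Reject NUL, surrogates and values beyond the Unicode range.
    const valid = cp > 0 && cp <= 0x10ffff && !(cp >= 0xd800 && cp <= 0xdfff);
    return valid ? String.fromCodePoint(cp) : match;
  });
}

// Constructed sample input: markup-like text supplied by a user.
const sample = '<script>alert("x")</script> & \'more\'';
for (const format of ['named', 'decimal', 'hex']) {
  const encoded = encodeEntities(sample, format);
  console.log(format.padEnd(8), encoded);
  console.log('  round trip ok:', decodeEntities(encoded) === sample);
}
```

The encoded string is safe to place in HTML text or inside a quoted attribute; values that end up inside a script block, a URL or CSS need the encoding for that context instead.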
Common Use Cases
Sanitize user input before displaying in web pages. Encode special characters in HTML email templates. Prepare text content for embedding in XML or RSS feeds. Decode HTML entities from web scraping results. Display code snippets in HTML without the browser interpreting them as markup. Encode copyright symbols, trademark signs, mathematical operators, and typographic characters for reliable cross-browser display. Convert your encoded content from Markdown with our Markdown to HTML converter. All processing happens locally in your browser.