What are HTML Entities?
HTML uses certain characters as part of its syntax β angle brackets (< and >), ampersands (&), and quotes are all special in HTML. If you want these characters to appear as visible text on a web page rather than being interpreted as HTML code, they need to be encoded as HTML entities.
For example, < becomes <, > becomes >, and & becomes &. There are also entities for characters that arenβt on a standard keyboard, like copyright symbols (©), em dashes (—), and non-breaking spaces ( ).
What Does This Tool Do?
This tool encodes text into HTML entities (replacing special characters with their entity equivalents) and decodes HTML entities back to plain text. It handles both named entities and numeric character references.
How to Use This Tool
- Choose Encode or Decode mode.
- Paste or type your text in the input area.
- The result appears immediately.
- Use the copy button to grab the output.
Common Use Cases
- Escaping user input: Encode user-submitted text before inserting it into HTML to prevent cross-site scripting (XSS) vulnerabilities.
- Displaying code: Show HTML markup as visible text on a page without the browser rendering it.
- Decoding emails: Email clients sometimes use HTML entity encoding β decode to read the plain text.
- Working with CMS content: Some content management systems encode special characters in stored content.
Frequently Asked Questions
What's the difference between named and numeric entities?
Named entities like < are human-readable. Numeric entities like < or < (hex) represent the same character by its Unicode code point. Both are valid HTML.
Does this protect against XSS attacks?
Encoding user input as HTML entities is an important step in preventing XSS. However, proper security requires a complete approach β use server-side sanitization libraries, not just this tool.
Is my data private?
Yes. All encoding and decoding runs locally in your browser.