HTML-Entity Encoder / Decoder

Powered by Arsenal Tools

What is HTML Entity Encoder / Decoder?

HTML Entity Encoder / Decoder converts special characters to their HTML entity equivalents (e.g. < ↁE&lt;) and decodes them back. This prevents XSS (cross-site scripting) vulnerabilities when rendering user-supplied content in HTML.

How to use

  1. Paste your text into the input box.
  2. Click Encode to convert special HTML characters to entities.
  3. Click Decode to convert HTML entities back to characters.
  4. Copy the result with the Copy button.

Common HTML entities

  • &amp; ↁE&
  • &lt; ↁE<
  • &gt; ↁE>
  • &quot; ↁE"
  • &apos; ↁE'
  • &nbsp; ↁEnon-breaking space

FAQ

Why do I need to encode HTML entities?
Characters like <, >, and & have special meaning in HTML. If user input containing these characters is inserted into HTML without encoding, a browser may execute it as code  Ea cross-site scripting (XSS) attack.
Should I encode all characters?
Generally you only need to encode the five critical characters: &, <, >, ", and '. Over-encoding regular text can make it harder to read in source code.
What is the difference between named and numeric entities?
Named entities like &amp; use a descriptive name. Numeric entities like &#38; (decimal) or &#x26; (hex) use the Unicode code point. Both represent the same character.