What is HTML Encoder / Decoder?

Free HTML encoder and decoder. Convert special characters to HTML entities and back. Encode &, <, >, quotes, and all non-ASCII characters. No signup.

No file uploads · No tracking of inputs · No account required · Works offline after first load

HTML Encoder runs entirely in your browser using JavaScript. Your data never leaves your device.

Free HTML Encoder / Decoder

Encode text to safe HTML entities so special characters render correctly in browsers and don't break your markup. Decode HTML entities back to their original characters. Supports full HTML5 entity encoding including &amp;, &lt;, &gt;, &quot;, &#39;, and all non-ASCII Unicode characters. Useful for sanitizing user input, working with HTML templates, and debugging escaped content.

Free to embed on your website · No signup required

Common HTML entities

Character   Entity
&           &amp;
<           &lt;
>           &gt;
"           &quot;
'           &#39;
©           &copy;
®           &reg;
—           &mdash;

Frequently Asked Questions

HTML entities are codes used to display characters that have special meaning in HTML (like < and >) or that are not easily typed on a keyboard. For example, &lt; displays as <, &amp; displays as &, and &copy; displays as ©.
Encode HTML when inserting user-generated content into an HTML page (to prevent XSS), when displaying code snippets, when working with HTML inside XML or JSON strings, and when storing HTML text in a database.
Named entities use a human-readable name (&amp;, &copy;). Numeric entities use the Unicode code point in decimal (&#38;) or hex (&#x26;) notation. All modern browsers support both. Named entities are more readable; numeric entities work for every Unicode character.
HTML encoding is one layer of XSS prevention: it stops injected < and > from being interpreted as HTML tags. Always encode user-supplied strings before inserting them into HTML. For defense in depth, use a Content Security Policy (CSP) as well.
In encode-all mode every character — including letters and digits — is converted to its numeric HTML entity. This creates the most portable representation, useful when embedding HTML inside another format like XML or JSON.

HTML Entities Explained

HTML entities are escape sequences that represent characters with special meaning in HTML. The five most critical are &amp; (&), &lt; (<), &gt; (>), &quot; ("), and &#39; ('). Browsers interpret < and > as HTML tag delimiters and & as the start of an entity reference — so any text containing these characters must be encoded before being inserted into HTML, otherwise the browser may misinterpret the content or render broken markup.

HTML Encoding and XSS Prevention

Cross-site scripting (XSS) attacks work by injecting malicious HTML or JavaScript into a page. The primary defense is escaping user-supplied content before rendering it. If a user submits <script>alert(1)</script> as their username and you display it without encoding, the browser will execute the script. After encoding, it becomes &lt;script&gt;alert(1)&lt;/script&gt; — rendered as literal text, not executed. All major server-side frameworks include built-in HTML escaping. Use this tool to verify or manually encode strings when working outside a framework.

Named vs. Numeric Entities

HTML supports three entity formats: named (&copy; → ©), decimal numeric (&#169; → ©), and hexadecimal numeric (&#xA9; → ©). Named entities only exist for a defined set of characters. Numeric entities work for any Unicode code point. When embedding HTML inside XML, JSON, or other formats that have their own special characters, numeric entities are the safer choice as they avoid any parser conflicts with the outer format.
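
The encoding and decoding rules described above, as an added JavaScript example (not this tool's own code; the names encodeHtml and decodeHtml and the nonAscii/all options are assumptions). It covers the five critical characters, numeric entities for non-ASCII text, encode-all mode, and single-pass decoding of named, decimal and hex references.

```javascript
// Added example; function and option names are assumptions, not the tool's code.
const ESCAPES = new Map([
  ['&', '&amp;'], ['<', '&lt;'], ['>', '&gt;'], ['"', '&quot;'], ["'", '&#39;'],
]);
// Only the named entities listed on this page; a full decoder needs the HTML5 table.
const NAMED = new Map([
  ['amp', '&'], ['lt', '<'], ['gt', '>'], ['quot', '"'],
  ['copy', '©'], ['reg', '®'], ['mdash', '\u2014'],
]);

// Result is for HTML text and quoted attribute values; script, URL and CSS
// contexts need their own encoders.
function encodeHtml(text, { nonAscii = false, all = false } = {}) {
  let out = '';
  // for...of walks code points, so a surrogate pair becomes one entity.
  for (const ch of String(text)) {
    const cp = ch.codePointAt(0);
    if (all || (nonAscii && cp > 0x7f)) out += `&#${cp};`;
    else out += ESCAPES.get(ch) ?? ch;
  }
  return out;
}

// Single pass: "&amp;lt;" decodes to "&lt;", never on to "<".
function decodeHtml(text) {
  return String(text).replace(/&(#x[0-9a-f]+|#[0-9]+|[a-z]+);/gi, (match, body) => {
    if (body[0] !== '#') return NAMED.get(body) ?? match; // unknown name: keep
    const hex = body[1] === 'x' || body[1] === 'X';
    const cp = parseInt(body.slice(hex ? 2 : 1), hex ? 16 : 10);
    const valid = cp > 0 && cp <= 0x10ffff && !(cp >= 0xd800 && cp <= 0xdfff);
    return valid ? String.fromCodePoint(cp) : match; // out of range: keep
  });
}

// Constructed sample input: the username from the text above.
const username = '<script>alert(1)</script>';
console.log(encodeHtml(username));
console.log(encodeHtml('© 2024', { nonAscii: true }));
console.log(encodeHtml('a<b', { all: true }));
console.log(decodeHtml('&#169; &#xA9; &copy; &amp;lt;'));
```

Because & is handled in the same pass as the other characters, already-encoded input such as &lt; is encoded again to &amp;lt; and round-trips back to &lt; on decode.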