</>

HTML Entity Encoder / Decoder

Encode special characters to &amp; &lt; &gt; or decode them back. Choose named, decimal, or hex format. Full entity reference table included.

Named & NumericEncode / DecodeHTML PreviewEntity ReferenceXSS Prevention

Scope

Format

Named vs Decimal vs Hex β€” At a Glance

Named Entities

&amp; &lt; &copy; &euro;

βœ“Human-readable

βœ“Shorter for common characters

βœ“Works in all HTML versions

βœ—Not every character has a name

βœ—Must know the entity name

Decimal Numeric

&#38; &#60; &#169; &#8364;

βœ“Works for every Unicode character

βœ“No lookup table needed

βœ—Less readable than named

βœ—Slightly longer for common chars

Hex Numeric

&#x26; &#x3C; &#xA9; &#x20AC;

βœ“Matches Unicode code points directly

βœ“Familiar to developers

βœ—Least human-readable

βœ—Case variations (&#x26; vs &#X26;)

When to Use HTML Entity Encoding

πŸ›‘οΈ

Preventing XSS

Always encode user-generated content before inserting it into HTML. Encoding < > & " prevents injected scripts from executing.

πŸ“

Displaying Code Samples

When showing HTML or code inside a web page, encode the angle brackets so the browser displays them as text rather than parsing them as tags.

πŸ“§

Email Templates

Many email clients only support ASCII. Encoding all non-ASCII characters ensures your email renders correctly across all clients and encodings.

🌐

Internationalised Content

Encode accented and special characters (Γ©, Γ±, ΓΌ) when your HTML file might not be served with UTF-8 encoding declared.

πŸ“„

CMS & Rich Text

Legacy CMS platforms may strip or misinterpret special characters. Encoding them first ensures the content is stored and displayed correctly.

βš™οΈ

XML Documents

XML requires that & < > " be encoded in text nodes and attribute values. HTML entity format is also valid XML entity format for these five characters.

Frequently Asked Questions

What is HTML entity encoding?+

HTML entity encoding replaces characters that have special meaning in HTML β€” like &, <, >, " β€” with safe representations called entities. For example & becomes &amp; and < becomes &lt;. This prevents the browser from interpreting those characters as HTML markup and is essential for security and correctness.

What is the difference between named, decimal, and hex entities?+

Named entities use a human-readable name (&amp;, &lt;, &copy;). Decimal entities use the character's Unicode code point as a decimal number (&#38;, &#60;, &#169;). Hex entities use the code point in hexadecimal (&#x26;, &#x3C;, &#xA9;). All three are equivalent β€” browsers render them identically.

When should I use 'Encode unsafe only' vs 'Encode all non-ASCII'?+

Use 'Unsafe only' when your HTML file is saved as UTF-8 β€” the browser can render accented letters and symbols directly, and you only need to escape the five characters that break HTML parsing. Use 'All non-ASCII' for maximum compatibility with older systems or when your output must be pure ASCII, like in email templates or legacy CMS platforms.

Is HTML entity encoding the same as URL encoding?+

No. HTML entity encoding is for embedding text safely inside HTML documents. URL encoding (percent encoding) is for safely including characters in a URL. They use completely different formats β€” &amp; in HTML vs %26 in a URL. Use our URL Encoder/Decoder tool for URL encoding tasks.

Does encoding HTML entities prevent XSS attacks?+

Encoding HTML entities in user-generated content that you insert into HTML is one of the most important defenses against Cross-Site Scripting (XSS). By encoding <, >, &, ", and ', you prevent injected scripts from being interpreted as markup. However, it must be used in the right context β€” it does not protect values injected into JavaScript blocks or CSS without additional escaping.

What does &amp;nbsp; do?+

&nbsp; is a non-breaking space. Unlike a regular space, it prevents the browser from collapsing it or wrapping a line at that point. It is commonly used to force spacing in HTML where the browser would otherwise ignore extra spaces, or to keep two words on the same line.

Why does my decoded text look wrong?+

This usually happens when the input contains malformed or non-standard entity references. Make sure entities are properly terminated with a semicolon (;&amp; not &amp). Also, some old documents use numeric entities from Windows-1252 encoding (like &#128; for €) which decode differently from Unicode code points.

Can I encode an entire HTML file?+

This tool encodes the text content you paste. If you paste raw HTML source code and choose 'Encode unsafe only', it will escape the & < > characters in the markup itself β€” turning tags into visible text. If you want to embed an existing HTML file as displayable code inside another page, that is exactly the right approach.

More Developer Tools

Free tools for encoding, decoding, and working with web content.

πŸ”—URL Encoder / Decoder⚑Text Diff CheckerπŸ”€Text Case ConverterπŸ“ŠWord CounterπŸ“Lorem Ipsum GeneratorπŸ› οΈAll Text Tools

Learn more at MDN: HTML Character References and WHATWG: Named Character References.