Convert special HTML characters like &, <, >, " to HTML entities — and back — directly in your browser.
Decode Mode
Once: one level. &lt; → <
Output Mode
RAW: original characters. SAFE: safe for innerHTML.
Manage HTML entities faster and more securely
HTML entities display special characters on web pages without breaking HTML structure. This tool helps you encode and decode them effortlessly.
Runs in Your Browser: No data is ever sent to a server. All encoding and decoding happens directly on your device, private and secure.
Encode & Decode: Two modes in one tool. Convert text to HTML entities, or reverse entities back to plain text.
One-Click Copy: Copy the converted output instantly with the Copy Result button, with no manual selection needed.
Built for Developers: Encode API output, escape user content, or prepare text for safe HTML insertion in seconds.
All HTML Entities: Supports all special HTML characters (&, <, >, ", ') and Unicode characters.
No Login Required: Use it right away without creating an account. No tracking, no unnecessary cookies.
Character Count: Displays the input and output character counts so you always know the exact size of your data.
Always Free: Use it anytime without limits, no cost, no intrusive ads, forever.
Frequently Asked Questions
What are HTML entities?
HTML entities are text representations of special characters that carry meaning in HTML. For example, < becomes &lt;, > becomes &gt;, & becomes &amp;, and " becomes &quot;. They are required so browsers display those characters as text rather than interpreting them as HTML code.
When should I encode HTML?
To prevent XSS (Cross-Site Scripting) attacks, encode HTML whenever you display user-generated content on a web page, store text inside HTML attributes, or insert data into HTML tags.
Is my data sent to a server?
Not at all. The entire encode and decode process runs inside your browser using JavaScript. Your data never leaves your device.
What is the difference between encode and escape HTML?
Both refer to the same concept: replacing special HTML characters with their entity equivalents. "Escape" is commonly used in a security context (preventing injection), while "encode" is the more general term for format conversion.
Which characters are encoded?
This tool encodes all characters that have HTML entities, including & (&amp;), < (&lt;), > (&gt;), " (&quot;), ' (&#39;), as well as non-ASCII characters such as accented letters and Unicode symbols.
What is Decode mode?
Decode mode reverses the encode process — it converts a string of HTML entities back into the original plain text. It is useful for reading escaped content, inspecting template engine output, or debugging HTML responses.
How does HTML encoding prevent XSS?
Encoding all user input before rendering it as HTML ensures that dangerous characters such as < and > are not interpreted as HTML tags by the browser, which prevents the execution of malicious scripts.
Can I decode numeric entities like &#60;?
Yes. This tool supports decoding both decimal numeric entities (&#60;) and hexadecimal entities (&#x3C;), in addition to standard named entities like &lt;.
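The one-level decode and the named, decimal and hexadecimal entity handling described in the answers above, followed by re-encoding before any HTML insertion, as an added JavaScript example (not this tool's own code). The function names, the small named-entity table and the sample string are assumptions constructed for illustration.

```javascript
// Added example with hypothetical names; not the tool's implementation.
const ENCODE_MAP = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
const NAMED = new Map([["amp", "&"], ["lt", "<"], ["gt", ">"], ["quot", '"'], ["apos", "'"]]);

// Escape the five characters that are significant in HTML text and quoted attributes.
function encodeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => ENCODE_MAP[ch]);
}

// Decode exactly one level in a single pass over the input.
// Chained .replace() calls that handle &amp; first would turn "&amp;lt;"
// into "<", an accidental double decode that can re-create markup.
function decodeOnce(text) {
  const pattern = /&(#[xX][0-9a-fA-F]+|#[0-9]+|[A-Za-z][A-Za-z0-9]*);/g;
  return String(text).replace(pattern, (match, body) => {
    if (body[0] !== "#") return NAMED.has(body) ? NAMED.get(body) : match; // unknown name stays as-is
    const isHex = body[1] === "x" || body[1] === "X";
    const code = parseInt(body.slice(isHex ? 2 : 1), isHex ? 16 : 10);
    // NUL, surrogates and out-of-range values become U+FFFD instead of throwing.
    if (code === 0 || code > 0x10ffff || (code >= 0xd800 && code <= 0xdfff)) return "\uFFFD";
    return String.fromCodePoint(code);
  });
}

// Decode until the text stops changing, bounded so nested input cannot loop for long.
function decodeAll(text, maxPasses = 5) {
  let current = String(text);
  for (let i = 0; i < maxPasses; i++) {
    const next = decodeOnce(current);
    if (next === current) break;
    current = next;
  }
  return current;
}

// Constructed sample mixing named, decimal, hex and double-encoded entities.
const sample = "&lt;b&#62;hi&#x3C;/b&gt; &amp;lt;";
const raw = decodeOnce(sample); // RAW: real markup characters, not safe for innerHTML
const safe = encodeHtml(raw);   // SAFE: re-encoded before any HTML insertion
console.log({ raw, safe });
```

Entity encoding of this kind covers HTML text and quoted attribute values; data placed into script, URL or CSS contexts needs the encoding that matches that context.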
Is this different from URL encoding?
Yes. HTML encoding replaces special HTML characters with entities for display in web pages. URL encoding (percent encoding) replaces characters with %XX notation for use inside URLs. The two serve different purposes.
Is this tool free?
Yes. The HTML Encoder & Decoder is completely free, requires no account, has no usage limits, and is available forever.