HTML Entity Encoder / Decoder

Encode and decode HTML entities and special characters. Supports named, numeric, and hex formats.

Named entities — e.g. &amp; &lt; &gt; &quot; · Encodes only < > & " '

About this tool

The HTML Entity Encoder converts special characters like <, >, &, and " to their HTML entity equivalents (&lt; &gt; &amp; &quot;) and back. HTML entities are required to display reserved markup characters as literal text rather than having them interpreted as HTML tags.

When to use it

  • Preventing XSS vulnerabilities when rendering user-supplied content in HTML
  • Displaying code samples containing HTML tags in documentation or blog posts
  • Preparing text from databases or APIs for safe insertion into HTML
  • Encoding special characters for use in HTML attributes

Tips

  • Always encode user-supplied content before inserting it into HTML — this is one of the most important XSS prevention techniques.
  • Named entities (&amp;) are more readable than numeric entities (&#38;) — use named where available.
  • Modern frameworks like React escape HTML automatically — manual encoding is mainly needed for raw HTML string construction.

Frequently asked questions

What is an HTML entity?

An HTML entity is a special sequence of characters that represents a symbol in HTML. Entities start with & and end with ;. Named entities like &amp;, &lt;, &gt;, &quot; are human-readable. Numeric entities like &#38; (decimal) or &#x26; (hex) reference the Unicode code point directly and work for any character.

Why is HTML encoding important for security?

If user-supplied text containing < or > characters is inserted into HTML without encoding, it can be interpreted as HTML tags — creating an XSS (Cross-Site Scripting) vulnerability. An attacker can inject <script> tags that execute arbitrary JavaScript in other users' browsers. Encoding converts < to &lt; so it renders as text, not a tag.
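The encoding described above, in the three formats from the previous answer, as an added example that is not this tool's own code. The function names (encodeHtml, decodeHtml, renderComment) and the sample input are assumptions made for illustration.

```javascript
// Added example. The five characters the tool encodes, with their entity names.
// &apos; is defined in HTML5; pick 'numeric' (&#39;) if older parsers read the output.
const NAMED = new Map([['&', 'amp'], ['<', 'lt'], ['>', 'gt'], ['"', 'quot'], ["'", 'apos']]);
const BY_NAME = new Map([...NAMED].map(([ch, name]) => [name, ch]));

// Encode in a single pass, so the '&' of an entity just produced is never re-encoded.
function encodeHtml(text, format = 'named') {
  return String(text).replace(/[&<>"']/g, (ch) => {
    const cp = ch.codePointAt(0);
    if (format === 'numeric') return `&#${cp};`;
    if (format === 'hex') return `&#x${cp.toString(16).toUpperCase()};`;
    return `&${NAMED.get(ch)};`;
  });
}

// Decode exactly one level. Names outside the map and invalid code points stay as written.
function decodeHtml(text) {
  return String(text).replace(/&(#x[0-9a-f]+|#[0-9]+|[a-z]+);/gi, (match, body) => {
    if (body[0] !== '#') return BY_NAME.get(body) ?? match;
    const hex = body[1] === 'x' || body[1] === 'X';
    const cp = parseInt(body.slice(hex ? 2 : 1), hex ? 16 : 10);
    const valid = cp > 0 && cp <= 0x10ffff && !(cp >= 0xd800 && cp <= 0xdfff);
    return valid ? String.fromCodePoint(cp) : match;
  });
}

// Raw HTML string construction: text node and a double-quoted attribute value.
// An unquoted attribute would need more than these five characters encoded.
function renderComment(text, { escape }) {
  const value = escape ? encodeHtml(text) : text;
  return `<p title="${value}">${value}</p>`;
}

// Constructed sample standing in for untrusted text from a form or API.
const userInput = 'Tom & "Jerry" <script>alert(1)</script>';
console.log(renderComment(userInput, { escape: false })); // markup reaches the parser
console.log(renderComment(userInput, { escape: true }));  // same text, inert
console.log(decodeHtml(encodeHtml(userInput, 'hex')) === userInput);
```

Decoding stops after one level on purpose: a value such as &amp;lt; comes back as &lt;, not as a live <, so text that was encoded twice does not turn into markup.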

Do I need HTML entities in React or Vue?

Usually no. React and Vue escape all text content automatically when you use JSX or template expressions ({{ }}). The risk only appears when using dangerouslySetInnerHTML (React) or v-html (Vue) — those bypass escaping deliberately and require you to sanitize or encode input yourself.

What is the difference between &nbsp; and a regular space?

&nbsp; (non-breaking space) is a space that prevents line breaks at that position and is not collapsed by HTML (regular spaces adjacent to each other collapse to one). Use &nbsp; between words you want to keep together on one line (like '10&nbsp;kg') or when you need multiple consecutive spaces that won't be collapsed by the HTML renderer.
