HTML Entities

Encode and decode HTML entities for safe use in web pages

What is it and how does it work?

An HTML entities encoder and decoder converts special characters into their HTML entity form and back — turning < into &lt;, & into &amp;, and accented or symbol characters into named or numeric codes. Some characters have special meaning in HTML: a raw < starts a tag, and a raw & starts an entity, so to display them as literal text on a page they must be encoded. Entity encoding is how you put angle brackets, ampersands, quotes and unusual symbols into HTML without the browser misinterpreting them as markup.

The most important reason to encode is correctness and safety: if you insert user-provided text into a page without encoding it, characters like < and > can break your layout or, worse, let injected markup run as code. Encoding neutralises that by turning the characters into harmless entities that display exactly as typed. Decoding does the reverse — useful when you receive entity-encoded text and want to read or process the original characters. This tool does both in your browser, so nothing you paste is uploaded.

Common use cases

• Displaying code on a page: encode a snippet so that < and > show as text instead of being read as HTML tags.
• Safely showing user input: encode text from a form or comment before inserting it into a page to prevent broken markup.
• Reading encoded text: decode a string full of &amp; and &lt; back into its original readable characters.

Frequently asked questions

Which characters must be encoded in HTML?

The essential ones are < (&lt;), > (&gt;), & (&amp;) and, inside attribute values, the quote characters " (&quot;) and ' (&#39;). These have structural meaning in HTML, so encoding them ensures they display as literal text rather than being parsed as markup.

What is the difference between named and numeric entities?

Named entities use a readable label (&copy; for ©), while numeric entities use the character's code point (&#169; for the same ©). Named entities are easier to read but exist only for some characters; numeric entities work for any character, which is why both forms appear.

Why does encoding matter for security?

Inserting unencoded user text into a page lets characters like < introduce tags, which can run injected scripts — a cross-site scripting (XSS) risk. Encoding turns those characters into inert entities, so the text displays harmlessly instead of being executed as markup.

Does encoding change how the text looks to a reader?

No. A properly encoded entity renders as the exact character it represents — &amp; shows as &, &lt; shows as <. The visible result is identical; encoding only changes the underlying source so the browser treats the character as text rather than markup.

Text

Uppercase / Lowercase · Word Counter · Character Counter · Lorem Ipsum Generator · Remove Extra Spaces · Sort Text Lines