Tools / Text & Data / HTML Entity Encode/Decode
Client-side

HTML Entity Encode/Decode

Encode special characters to HTML entities or decode entities back to plain text, preventing XSS and broken markup in your templates.

What it does

  • Encode special characters to HTML entities
  • Decode HTML entities back to plain text
  • Handles angle brackets, ampersands, and extended characters
  • Runs locally, nothing sent to a server

Unescaped angle brackets or ampersands in a template will break the HTML parser. Use this tool to encode special characters to HTML entities before pasting into a CMS, or decode entities back to plain readable text. Both directions run instantly in your browser.

What HTML entities are

An HTML entity is a placeholder that represents a character which would otherwise be interpreted as markup or cannot be typed reliably. Entities start with an ampersand and end with a semicolon. The five that matter most for safety are &lt; for <, &gt; for >, &amp; for &, &quot; for a double quote, and &#39; for a single quote. Encoding these stops the browser from treating your content as tags or attribute boundaries.

Named versus numeric entities

HTML supports two notations for the same character:

  • Named entities — human-readable shorthand like &copy; (copyright), &nbsp; (non-breaking space), or &eacute; (e with acute accent).
  • Numeric entities — the character's Unicode code point in decimal (&#169;) or hexadecimal (&#xA9;), which works for any character even when no named form exists.

Decoding handles both notations and turns them back into the literal characters they represent.

Common use cases

  • Preventing broken markup and XSS — escape user-supplied text before inserting it into a page so input cannot inject tags or scripts.
  • Pasting code into a CMS — encode a snippet that contains < and > so it displays as text instead of being rendered.
  • Reading scraped or exported HTML — decode a string full of &amp; and numeric references back into clean, readable content.

Privacy: everything runs in your browser

The text you paste is encoded or decoded entirely client-side by a Rust module compiled to WebAssembly. Nothing is uploaded, logged, or stored on a server, which matters when your markup contains internal copy or user data. The tool keeps working even offline once the page has loaded.

Related tools

If you are moving content between formats, the HTML to Markdown converter turns HTML into clean Markdown, and the Markdown to HTML converter goes the other way. For escaping characters in links and query strings rather than markup, use the URL encode and decode tool.