HTML Entities Encoder & Decoder
Convert special characters to HTML entities and back instantly — escape <, >, &, and quotes safely.
Encode and decode HTML entities
The HTML Entities Encoder & Decoder converts special characters into their safe HTML entity equivalents and decodes entities back into plain characters. Switch direction, paste your text, and copy the result instantly. It is the fast way to escape markup so it displays as text, or to read entity-laden HTML — all running locally in your browser.
What are HTML entities?
Certain characters have special meaning in HTML. A < starts a tag, an & starts an entity, and quotes delimit attributes. To display these characters as literal text rather than have the browser interpret them, you replace them with entities: < becomes <, & becomes &, and so on. This is called escaping, and it is essential for showing code, preventing layout breakage, and avoiding security issues.
The core characters to escape
| Character | Entity | Why |
|---|---|---|
| & | & | Starts every entity |
| < | < | Starts a tag |
| > | > | Ends a tag |
| " | " | Delimits attributes |
| ' | ' | Delimits attributes |
When you need this tool
- Displaying code — show HTML snippets on a page without rendering them.
- Documentation and tutorials — present markup as literal text.
- Preventing XSS — escaping user input before inserting it into HTML.
- Debugging — decode entity-encoded content to read it.
How to use it
- Choose Encode to escape characters, or Decode to convert entities back.
- Paste your text or HTML.
- Copy the result, or Swap it back into the input.
Escaping and security
Escaping HTML is one of the most important defenses against cross-site scripting (XSS). Whenever you insert untrusted text into a page, escaping the five core characters prevents the browser from treating that text as markup or script. While frameworks often escape automatically, understanding and being able to escape manually is a valuable skill — and this tool makes it instant.
Private and free
All encoding and decoding run in your browser. Nothing is uploaded or stored, and there are no limits. Use it as much as you like, completely free.
Frequently asked questions
What does HTML encoding do?
It replaces characters like <, >, and & with HTML entities so they display as text instead of being interpreted as markup.
Which characters must be escaped?
The five core ones are &, <, >, double quote, and single quote. This tool escapes all of them.
How does decoding work?
Decoding converts entities such as &lt; back into their original characters, including named and numeric entities.
Does this help prevent XSS?
Escaping untrusted text before inserting it into HTML is a key XSS defense. This tool performs that escaping.