HTML Entity Encoder
Encode and decode HTML entities.
Common HTML Entities
Frequently Asked Questions
What are HTML entities and why are they needed?
HTML entities are special codes that represent characters which have meaning in HTML syntax (like <, >, &, ") or characters not available on standard keyboards. For example, < must be written as &lt; in HTML to avoid being interpreted as a tag. Entities prevent rendering errors and security vulnerabilities like XSS attacks.
What is the difference between named and numeric entities?
Named entities use memorable names like &amp; for &, &lt; for <, and &nbsp; for non-breaking space. Numeric entities use the Unicode code point: &#38; (decimal) or &#x26; (hexadecimal) for &. Numeric entities can represent any Unicode character; named entities only cover a defined set.
Which characters should I encode in HTML?
At minimum, always encode the five special HTML characters: < (&lt;), > (&gt;), & (&amp;), " (&quot;), and ' (&#39; or &apos;). For maximum compatibility, also encode non-ASCII characters like accented letters and special symbols, especially if your page encoding is not UTF-8.
Can I use this tool to prevent XSS attacks?
Encoding user input as HTML entities is a key defense against Cross-Site Scripting (XSS). Converting < and > to &lt; and &gt; prevents injected script tags from executing. However, proper XSS prevention requires server-side encoding and Content Security Policy headers — client-side encoding alone is not sufficient.
Does the decoder handle all entity formats?
Yes — the decoder recognizes named entities (&amp;), decimal numeric entities (&#38;), and hexadecimal numeric entities (&#x26;). It handles all 2,231 named HTML entities defined in the HTML5 specification and any valid Unicode code point in numeric format.
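Added example (not this tool's own code): a JavaScript encoder for the five special characters listed above and a decoder for the three entity formats (named, decimal, hexadecimal). The function names are assumptions, and the named-entity table is a small constructed subset rather than the full HTML5 list.

```javascript
// Encoder: the five special HTML characters and their entities.
const ENCODE_MAP = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
// Decoder: constructed subset of named entities (names are case-sensitive).
const NAMED = { amp: '&', lt: '<', gt: '>', quot: '"', apos: "'", nbsp: '\u00A0' };

function encodeHtml(text) {
  // One pass over the input, so an '&' written by the encoder itself
  // is never encoded a second time.
  return String(text).replace(/[&<>"']/g, (ch) => ENCODE_MAP[ch]);
}

function decodeHtml(text) {
  // One pass as well: "&amp;lt;" decodes to the text "&lt;", not to "<".
  const pattern = /&(#x[0-9a-f]+|#[0-9]+|[a-z][a-z0-9]*);/gi;
  return String(text).replace(pattern, (match, body) => {
    if (body[0] !== '#') {
      // Unknown names are left untouched instead of being guessed.
      return Object.prototype.hasOwnProperty.call(NAMED, body) ? NAMED[body] : match;
    }
    const isHex = body[1] === 'x' || body[1] === 'X';
    const cp = parseInt(body.slice(isHex ? 2 : 1), isHex ? 16 : 10);
    // NUL, surrogates and values past U+10FFFF are not valid characters:
    // emit U+FFFD rather than passing them through.
    const valid = cp > 0 && cp <= 0x10ffff && !(cp >= 0xd800 && cp <= 0xdfff);
    return valid ? String.fromCodePoint(cp) : '\uFFFD';
  });
}

// Constructed sample input containing all five special characters.
const SAMPLE = '<b title="a & b">it\'s</b>';
console.log(encodeHtml(SAMPLE));
console.log(decodeHtml(encodeHtml(SAMPLE)) === SAMPLE);
```

This encoding is suitable for text placed in HTML element content or quoted attribute values; it is meant to run on the server where the page is generated.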