HTML Entity Encoder / Decoder

Encode text to HTML entities or decode entities back to plain characters.

100% Free No signup Works in your browser No data uploaded

How to use the HTML Entity Encoder / Decoder

Step 1 — Choose a mode

  • Switch between Encode and Decode.

Step 2 — Enter text

  • Type or paste the input.

Step 3 — Convert

  • The result updates; copy it with one click.

Private

  • Everything runs in your browser.

Frequently asked questions

What does encoding do?

It replaces characters that have special meaning in HTML — like <, >, &, and quotes — with their entity equivalents (<, >, &) so they display as text instead of being parsed as markup.

What does decoding do?

It turns entities back into the characters they represent, including named entities like &copy; and numeric ones like &#169;, using the browser own parser for full coverage.

When would I need this?

When you want to show code or markup on a web page without it rendering, when fixing text where entities appear literally, or when preparing content that must be safe to drop into HTML.

Does encoding make my site secure?

Encoding output that goes into HTML is an important part of preventing cross-site scripting, but real security depends on encoding in the right context on the server. Treat this tool as a helper, not a complete security solution.

Is my text private?

Yes. Both encoding and decoding happen entirely in your browser; nothing is uploaded.

Related tools

All Text & Developer →
URL Encoder / DecoderText & Developer Base64 Encoder / DecoderConverters Code MinifierText & Developer UUID GeneratorText & Developer Text Diff CheckerText & Developer Regex TesterText & Developer

About the HTML Entity Encoder / Decoder

This tool converts between plain text and HTML entities in both directions. Encoding turns special characters into their safe entity form; decoding turns entities back into the characters they stand for. It is a small but constant need for anyone working with web content.

Why entities exist

A handful of characters carry special meaning in HTML. A less-than sign begins a tag, an ampersand begins an entity, and quotes delimit attributes. If you want those characters to appear as literal text — showing a snippet of code on a page, for instance — the browser would otherwise try to interpret them as markup, breaking the page or hiding your content. Encoding solves this by swapping each special character for an entity: < for the less-than sign, & for the ampersand, and so on. The browser then displays the intended character without acting on it.

Encoding and decoding

Encoding here replaces the core markup-significant characters so your text is safe to place inside HTML. Decoding does the reverse, and because it uses the browser own HTML parser it understands the full range of entities — not just the common named ones like &copy; and &nbsp;, but numeric forms such as &#169; and hexadecimal ones too. That makes it reliable for cleaning up text that has arrived with entities showing literally, a common annoyance when content passes through several systems and gets encoded more than once.

A note on security

Encoding text before putting it into a web page is a key defence against cross-site scripting, where malicious input is crafted to run as code. This tool is useful for understanding and previewing that, but genuine protection comes from encoding consistently in the correct context within your application, usually on the server, rather than pasting through a tool by hand. Use this to learn, preview, and fix content; rely on your framework escaping for live security. Everything runs locally in your browser. For URL escaping or Base64, see the related encoders.

Copied to clipboard