Convert special characters to HTML entities or decode entities back to plain text — instantly, no signup.
🔒 Runs in your browser — your text never leaves this page& — &< — <> — >" — "' — ' — non-breaking space© — ©® — ®— — —€ — €HTML encoding is the process of converting characters that have special meaning in HTML — such as <, >, and & — into their corresponding HTML entities: safe text representations that browsers display visually rather than interpret as code. For example, the less-than sign < becomes <, the greater-than sign > becomes >, and the ampersand & becomes &.
HTML entities exist for two main reasons. First, correctness: without encoding, a character like < inside body text would be treated by the browser as the opening of an HTML tag, potentially breaking the page layout. Second, security: encoding user-supplied input before inserting it into a page is a fundamental defense against XSS (Cross-Site Scripting) attacks — a class of vulnerability where malicious JavaScript is injected into a page and executed in other users' browsers.
All encoding and decoding in this tool runs entirely in your browser. Your text never leaves your device — no server, no storage, no signup required.
The most commonly used HTML entities, covering reserved characters, symbols, and punctuation:
| Character | Entity name | Entity number | Description |
|---|---|---|---|
| & | & | & | Ampersand — must always be encoded |
| < | < | < | Less-than — opens HTML tags if unencoded |
| > | > | > | Greater-than — closes HTML tags |
| " | " | " | Double quote — encode inside attributes |
| ' | ' | ' | Single quote / apostrophe |
| © | © | © | Copyright symbol |
| ® | ® | ® | Registered trademark |
| € | € | € | Euro sign |
| £ | £ | £ | Pound sterling |
| ✓ | ✓ | ✓ | Check mark |
| × | × | × | Multiplication / close symbol |
| → | → | → | Right arrow |
| ← | ← | ← | Left arrow |
| |   | Non-breaking space | |
| — | — | — | Em dash |
The tool has two modes, switchable with the Encode / Decode tabs at the top of the tool card:
<, >, &, ", and ' into their safe entity equivalents. Use this when you want to display HTML code visually on a web page, or when sanitizing user input before inserting it into a template.< back to <, & back to &, and so on — giving you the readable, original text.<div> or <script> tag must be encoded before it can appear as visible text on a page.& instead of &). Use Decode mode to convert it back to readable text for display or further processing.HTML encoding converts characters to named or numeric HTML entities (e.g., < → <) so they are safe to include in an HTML document without breaking the markup structure. It is used for page content.
URL encoding converts characters to percent-encoded sequences (e.g., a space → %20, & → %26) so they can be safely transmitted inside a URL without breaking the query string. It is used for web addresses and form data.
Both are forms of character escaping, but they operate in entirely different contexts and use different encoding schemes. If you need URL encoding, use the URL Encode / Decode tool.
HTML entities are text codes that represent characters which have special meaning in HTML or cannot be typed directly. They start with & and end with ;. For example, < displays as < and & displays as &. Entities ensure that characters are shown visually rather than interpreted as HTML markup.
You need to encode HTML when displaying code examples on a web page (so they appear as text, not rendered markup), when inserting user-generated content into a page template (to prevent XSS), when working with CMS rich-text editors, or when embedding special typographic symbols like copyright signs, currency, or arrows in an HTML document.
Replace < with < and > with > in your HTML source. The browser renders them as the visible characters rather than as tag delimiters. Use the Encode mode in this tool to do that conversion automatically for any block of text or code.
HTML encoding produces entities like < and & — used to safely include special characters in HTML content. URL encoding produces percent sequences like %3C and %26 — used to safely include special characters in URLs and query strings. They are different systems for different contexts.
XSS (Cross-Site Scripting) is a security attack where malicious JavaScript is injected into a web page and executed in other users' browsers — potentially stealing session cookies, redirecting users, or performing actions on their behalf. HTML encoding neutralizes this by converting < to < and > to >, so injected script tags appear as plain visible text instead of executable code.