HTML Entity Encoder/Decoder
Encode special characters to HTML entities or decode HTML entities back to characters.
Input
Common Entities
Encoded HTML
<div class="example">Hello & Welcome!</div>Preview Rendered
Entity Reference
&<>"' ©®™€£¥¢§°±×÷•…What Are HTML Entities?
HTML entities are special sequences of characters used to represent reserved or non-printable characters in HTML markup. Because HTML uses angle brackets, ampersands, and quotation marks as structural syntax, displaying those same characters as literal text requires escaping them into entity form. Without proper encoding, a raw < character would be interpreted as the start of an HTML tag rather than displayed as visible text.
An HTML entity begins with an ampersand (&) and ends with a semicolon (;). Between those delimiters, you write either a named identifier (for example & for the ampersand itself) or a numeric code point (for example & for the same character). Both forms are equally valid; named entities are more readable while numeric entities cover every Unicode code point regardless of whether a named alias exists.
HTML entities solve three overlapping problems. First, they prevent browser parsing errors when special syntax characters appear in text content. Second, they allow authors to insert characters that are absent from their keyboard layout, such as the Euro sign € or the trademark symbol ™. Third, they protect web applications from cross-site scripting (XSS) injection by ensuring that user-supplied angle brackets and quotes are rendered as harmless display characters rather than executed markup.
The HTML Entity Encoder tool automates the conversion in both directions. Paste raw text to encode it into safe HTML, or paste entity-laden markup to decode it back to human-readable characters. Choose between named entities for readability or numeric entities for maximum Unicode portability.
How the Encoder and Decoder Work
The encoder operates by scanning the input string character by character and replacing each special character with its corresponding entity. Two encoding strategies are available:
Named Entity Encoding
The tool maintains an internal lookup table mapping characters to their standard named entities. When a character in the input matches a key in that table, it is replaced by the named entity value. For instance, every occurrence of & becomes &, every < becomes <, and every > becomes >. Named entities are defined by the HTML specification and are supported in all modern browsers.
Numeric Entity Encoding
When numeric encoding is selected, the tool examines the Unicode code point of each character. If the code point is greater than 127 (i.e., outside the basic ASCII printable range) or if the character is one of the five HTML-reserved characters (&, <, >, ", '), it is replaced by its decimal numeric entity in the form &#N; where N is the decimal code point.
Decoding
Decoding reverses both formats simultaneously. The tool first applies a reverse lookup to convert every known named entity back to its original character. It then applies two regular-expression replacements: /&#(d+);/g to handle decimal numeric entities and /&#x([0-9a-fA-F]+);/g to handle hexadecimal numeric entities. The result is fully human-readable plain text.
Numeric Entity Encoding Rule
Where:
- c= The character being evaluated
- N= The decimal Unicode code point of the character (charCodeAt result)
- &#N;= The resulting decimal numeric HTML entity
Named vs. Numeric Entities: When to Use Each
Choosing between named and numeric HTML entities depends on your use case, the characters involved, and your audience's browser compatibility requirements.
Named Entities
Named entities are defined in the HTML specification and have human-friendly identifiers. < is instantly recognizable as a less-than sign; © obviously represents a copyright symbol. They improve code readability in source views and are universally supported by all HTML5-compliant browsers. Use named entities when you want your HTML source to remain easy to audit by colleagues or static analysis tools.
Numeric Entities
Numeric entities can represent every Unicode character, not just the roughly 250 characters that have named aliases. If you need to encode an obscure mathematical symbol, a rare CJK character, or an emoji, a numeric entity will always work even when no named alias exists. Numeric entities also travel safely through legacy systems and XML parsers that do not recognize HTML5 named entities. Use numeric entities when maximum portability across parsers and encoding-agnostic systems is more important than source readability.
The Five Essential Entities
Regardless of which encoding style you choose, the following five characters should always be encoded in HTML attributes and text content:
| Character | Named Entity | Numeric Entity | Reason to Encode |
|---|---|---|---|
| & | & | & | Starts all entities; ambiguous without encoding |
| < | < | < | Opens HTML tags; causes parsing errors in text |
| > | > | > | Closes HTML tags; may break markup structure |
| " | " | " | Terminates attribute values delimited by double quotes |
| ' | ' | ' | Terminates attribute values delimited by single quotes |
HTML Encoding and Web Security (XSS Prevention)
One of the most important practical applications of HTML entity encoding is defending against cross-site scripting (XSS) attacks. XSS is a class of web vulnerability where an attacker injects malicious script into a page that is later viewed by other users. If a web application outputs user-supplied text directly into an HTML page without encoding it, an attacker can submit input containing <script> tags or event attributes like onerror= that the browser will execute.
By encoding user input before rendering it in HTML, you neutralize the attack. A submitted payload of <script>alert(1)</script> becomes <script>alert(1)</script>, which the browser renders as visible text rather than executable code. The attacker's script never runs.
Security-conscious developers should encode output in context-appropriate ways. Text content nodes require encoding of &, <, and >. HTML attribute values additionally require encoding " and '. JavaScript string contexts require JavaScript string escaping, not just HTML encoding. Always apply the encoding strategy that matches the output context.
This HTML entity encoder tool is useful during development and code review to verify that specific strings encode correctly. For production applications, rely on a well-maintained server-side library or your templating engine's built-in auto-escaping rather than manual substitution.
Common Use Cases for HTML Entity Encoding
HTML entity encoding is relevant across a wide range of development, content management, and data-exchange scenarios.
Displaying Code Snippets
Technical documentation and developer blogs frequently display HTML source code as visible text. Without encoding, a code sample containing <div> would be interpreted by the browser as an actual div element rather than text. Encoding the snippet with this tool converts it to <div>, which renders correctly inside a <pre> or <code> block.
Email Templates
HTML email clients vary widely in their handling of special characters. Encoding typographic characters such as em dashes (—), left and right quotes (“, ”), and the non-breaking space ( ) ensures consistent rendering across Gmail, Outlook, Apple Mail, and other clients.
CMS and Rich-Text Editors
Content management systems sometimes store content with HTML entities rather than raw Unicode to ensure database and export compatibility. Being able to decode entity-encoded content back to readable text helps editors verify what was actually stored and diagnose display inconsistencies.
Data Migration and API Integration
When consuming HTML from third-party APIs, scraped web pages, or legacy content exports, the data often contains HTML entities that need to be decoded before processing, storing in a database, or displaying in a non-HTML interface. The decoder mode handles both named and numeric (decimal and hexadecimal) entity forms in a single pass.
Internationalization
Non-ASCII characters such as accented Latin letters, currency symbols (€, £, ¥), and mathematical operators (±, ×, ÷) can be safely embedded in any HTML document using their numeric entities, eliminating dependence on a correctly declared character encoding.
Worked Examples
Encode an HTML Tag String (Named Entities)
Problem:
Encode the string `<div class="example">Hello & Welcome!</div>` using named entity encoding so it can be displayed as visible text in a browser.
Solution Steps:
- 1Set mode to Encode and encoding type to Named Entities.
- 2The encoder scans for characters in the named entity table: < → <, > → >, " → ", & → &.
- 3The < at position 0 becomes <.
- 4The " around 'example' each become ".
- 5The > closing the opening tag becomes >.
- 6The & before 'Welcome' becomes &.
- 7The < before /div becomes < and the > at the end becomes >.
Result:
<div class="example">Hello & Welcome!</div>
Encode a Currency Symbol (Numeric Entities)
Problem:
Encode the string `Price: €49.99 or £39.99` using numeric entity encoding to ensure portability across all parsers.
Solution Steps:
- 1Set mode to Encode and encoding type to Numeric Entities.
- 2The encoder checks each character's code point using charCodeAt.
- 3The € character has code point 8364 (greater than 127), so it encodes to €.
- 4The £ character has code point 163 (greater than 127), so it encodes to £.
- 5ASCII characters (P, r, i, c, e, :, space, digits, period) have code points ≤127 and are not in the reserved set, so they pass through unchanged.
Result:
Price: €49.99 or £39.99
Decode Mixed Named and Numeric Entities
Problem:
Decode the string `<p>Copyright © 2024 & All rights → Reserved</p>` back to plain text.
Solution Steps:
- 1Set mode to Decode.
- 2The decoder first applies the reverse named-entity lookup: < → <, > → >, & → &.
- 3The decimal numeric entity © is matched by /&#(\d+);/g; String.fromCharCode(169) gives ©.
- 4The hexadecimal numeric entity → is matched by /&#x([0-9a-fA-F]+);/g; parseInt('2192', 16) = 8594; String.fromCharCode(8594) gives →.
- 5All substitutions are applied and the fully decoded string is assembled.
Result:
<p>Copyright © 2024 & All rights → Reserved</p>
Encode a JavaScript Alert Payload for Safe Display
Problem:
A security audit needs to display the XSS payload `<script>alert('xss')</script>` as visible text on a documentation page.
Solution Steps:
- 1Set mode to Encode and encoding type to Named Entities.
- 2The < before script becomes <.
- 3The > after script becomes >.
- 4The single quotes ' each become ' (the tool maps ' to ' rather than a named entity).
- 5The < before /script becomes < and the final > becomes >.
- 6The encoded string is now safe to place inside any HTML element as visible text.
Result:
<script>alert('xss')</script>
Tips & Best Practices
- ✓Always encode &, <, >, ", and ' when inserting user-supplied text into HTML to prevent XSS vulnerabilities.
- ✓Use named entities (&lt;, &amp;) in HTML source code you intend humans to read and maintain.
- ✓Switch to numeric entities when targeting XML parsers or systems that may not support all HTML5 named entity aliases.
- ✓The Swap button lets you quickly round-trip a string: encode it, then swap and decode to verify the original is recovered.
- ✓Non-breaking spaces (&nbsp;) prevent line breaks between words in formatted output such as dates and names; encode them explicitly when needed.
- ✓When displaying code samples in documentation, always encode the snippet first so browsers render it as visible text instead of parsing it as markup.
- ✓For email templates, encode typographic characters (em dashes, curly quotes, currency symbols) to guarantee consistent rendering across all email clients.
- ✓Hexadecimal numeric entities (→) and decimal numeric entities (→) are interchangeable; this decoder handles both forms simultaneously.
Frequently Asked Questions
Sources & References
Last updated: 2026-06-05
Help us improve!
How would you rate the HTML Entity Encoder/Decoder?
Editorial Note
MyCalcBuddy Editorial Team
This page is maintained as an educational calculator reference.
Formula Source: Standard Mathematical References
by Various