HTML entities are special codes used to represent reserved characters in HTML. For example, < must be written as < to prevent it from being interpreted as an HTML tag. Use this tool to encode text for safe HTML output or decode entity references back to readable characters.
Common HTML Entities Reference
| Char | Named Entity | Decimal | Hex | Description |
|---|
How to Encode and Decode HTML Entities
HTML entity encoding converts characters that have special meaning in HTML into safe representations. The five most critical characters are < (less-than), > (greater-than), & (ampersand), " (double-quote), and ' (single-quote). Leaving these unencoded in user-generated content can cause broken markup or cross-site scripting (XSS) vulnerabilities.
Encode Mode
Paste your text into the input, select your entity format (named, decimal, or hex), and choose whether to encode only the 5 special chars or all non-ASCII characters. Click Encode. Named format produces the most readable output (<), while decimal (<) and hex (<) formats work for any Unicode character.
Decode Mode
Switch to Decode mode and paste text containing HTML entities. The decoder handles named entities (&), decimal numeric references (&), and hex numeric references (&). All three types are decoded in a single pass.
When to Use HTML Entity Encoding
Always encode user-generated content before inserting it into HTML. If a user enters <script>alert(1)</script>, encoding it to <script> prevents it from executing. Use encoding when building HTML strings in server-side code, client-side template literals, email templates, or any context where raw user input could be interpreted as markup.
FAQ
Is this HTML entities tool free?
Yes, the HTML entities encoder and decoder is completely free with no account required. Encode and decode HTML characters without any limits.
Is my text data private?
Yes. All encoding and decoding happens entirely in your browser. Your text is never sent to any server.
What is the difference between named, decimal, and hex entities?
All three represent the same characters but in different formats. Named entities use a predefined name: &amp; for &. Decimal entities use the Unicode code point as a number: &#38; for &. Hex entities use the code point in hexadecimal: &#x26; for &. Named entities are the most readable; numeric entities work for any character.
Which characters should be encoded in HTML?
At minimum, always encode < (less-than), > (greater-than), & (ampersand), " (double-quote inside attributes), and ' (single-quote). These five characters have special meaning in HTML and can cause broken markup or cross-site scripting (XSS) vulnerabilities if left unencoded.
How do I decode HTML entities in a web page?
Paste the HTML text containing entities like &lt; or &amp; into the input, switch to Decode mode, and click Decode. The tool reverses named, decimal (&#38;), and hex (&#x26;) entities back to their original characters.
What is the difference between this tool and HTML Entities Reference?
The HTML Entities Reference is a lookup table where you can search for a specific entity by name, character, or code. This tool is an interactive encoder and decoder — paste a block of text and encode or decode all entities in it at once.
Can this tool encode all characters or just special ones?
Both options are available. 'Special chars only' encodes the 5 essential HTML characters (<>&"'). 'All non-ASCII' additionally encodes every character outside basic ASCII (code points above 127) using numeric entities, which is useful for ensuring HTML is safe to include in ASCII-only documents.