HTML Entity Encoder / Decoder
How to Use the HTML Entity Encoder / Decoder
HTML reserves characters like <, >, &, and " for markup syntax. Displaying literal angle brackets or ampersands in web pages requires HTML entities — escape sequences the browser renders as characters instead of interpreting as tags. Entity encoding converts < into &lt; and & into &amp;, preventing broken layout and cross-site scripting (XSS) vulnerabilities.
Named entities use mnemonic codes: &copy; for ©, &nbsp; for non-breaking space, &mdash; for em dash. Numeric entities reference Unicode code points: &#169; or &#xA9; both produce ©. Decoding reverses entities to plain text for content migration, email template editing, and RSS feed cleanup.
Developers encode user-generated content before inserting it into HTML templates. Content managers decode CMS exports that over-escaped quotes during import. Test both directions when data passes through multiple systems — double-encoding turns ampersands into &amp; visible on the page.
Security contexts demand encoding all untrusted input displayed in HTML context. Attribute values need quote encoding; JavaScript contexts need different escaping entirely. This tool handles HTML body and attribute entity conversion — pair with URL encoding when entities appear inside href values.
Whether you are sanitizing blog comments, fixing garbled entities in imported WordPress content, or preparing XML-safe strings, HTML entity conversion keeps special characters from breaking markup or creating security holes.
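The round trip, the double-encoding symptom and the href case described above, as an added example (not this tool's own code). The function names, the reduced named-entity table and the sample strings are assumptions made for the illustration.

```javascript
// Added example, not the tool's code. All names and sample strings are constructed.
const ENCODE = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
// Small named-entity table for the demo; a full decoder needs the complete HTML list.
const NAMED = { amp: '&', lt: '<', gt: '>', quot: '"', apos: "'",
                copy: '\u00A9', nbsp: '\u00A0', mdash: '\u2014' };

// Encode for HTML body text and quoted attribute values.
function encodeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => ENCODE[ch]);
}

// Decode exactly one level: replace() never rescans its own output.
function decodeHtml(text) {
  return String(text).replace(/&(#x[0-9a-f]+|#[0-9]+|[a-z][a-z0-9]*);/gi, (match, body) => {
    if (body[0] !== '#') {
      // Unknown names are left untouched rather than guessed.
      return Object.prototype.hasOwnProperty.call(NAMED, body) ? NAMED[body] : match;
    }
    const hex = body[1] === 'x' || body[1] === 'X';
    const cp = parseInt(body.slice(hex ? 2 : 1), hex ? 16 : 10);
    // NUL, surrogates and out-of-range values become U+FFFD.
    const invalid = cp === 0 || cp > 0x10FFFF || (cp >= 0xD800 && cp <= 0xDFFF);
    return invalid ? '\uFFFD' : String.fromCodePoint(cp);
  });
}

// Heuristic: an entity whose leading & was itself encoded suggests double-encoding.
function looksDoubleEncoded(text) {
  return /&amp;(#x[0-9a-f]+|#[0-9]+|[a-z][a-z0-9]*);/i.test(text);
}

// href value: URL-encode each query component first, then entity-encode the
// whole attribute value. This does not validate the URL scheme.
function buildHref(path, params) {
  const query = Object.entries(params)
    .map(([k, v]) => `${encodeURIComponent(k)}=${encodeURIComponent(v)}`)
    .join('&');
  return encodeHtml(`${path}?${query}`);
}

const comment = 'Tom & Jerry <script>"hi"</script>'; // constructed untrusted input
const once = encodeHtml(comment);
const twice = encodeHtml(once); // a second system encodes the same data again
console.log(once);
console.log(looksDoubleEncoded(once), looksDoubleEncoded(twice));
console.log(decodeHtml(twice) === once);
console.log(buildHref('/search', { q: 'a&b', lang: 'en' }));
```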
Common use cases
XSS prevention
Encode user input before rendering in HTML pages to block injected script tags and event handlers.
CMS migration
Decode over-escaped content imported from other platforms into clean editable text.
Email templates
Convert special characters to entities so HTML emails render correctly across clients.
Documentation
Show code examples in HTML docs by encoding angle brackets and ampersands safely.
RSS and XML feeds
Ensure feed content with special characters validates against XML entity rules.
Frequently asked questions
Encode & as &amp; whenever it is literal text, not starting a valid entity reference. Unencoded & breaks HTML parsing.
Named entities use codes like &copy;. Numeric entities use code points like &#169; or &#xA9;. Both render the same character.
No. Entities are display escaping, not encryption. Browsers decode them back to readable text instantly.