HTML Entity Encoder/Decoder

Encode special characters to HTML entities or decode entities back to plain text. 100% free and private.

Encode or Decode HTML Entities

0 charsType or paste text, or try a sample
0 chars0 entities

About HTML Entity Encoder/Decoder

This free online tool converts text to HTML entities and decodes HTML entities back to text, all in your browser. HTML entity encoding replaces characters with special meaning in HTML (&, <, >, ", ') with safe text representations called entity references. This is essential for preventing broken markup and XSS attacks when inserting user-generated content into web pages.

How to Use

  1. Select direction - Choose Encode (text to entities) or Decode (entities to text)
  2. Choose encoding mode - Minimal (5 special chars), Named (readable entities), Numeric (decimal &#NN;), or All non-ASCII
  3. Enter text - Type or paste your content into the input area
  4. Convert - Click Convert or press Ctrl+Enter to process
  5. Copy or swap - Copy the output, or use Swap to reverse the direction

Encoding Modes

  • Minimal - Encodes only the 5 HTML-special characters (& < > " '). Safe default for inserting content into HTML body or attributes.
  • Named - Uses readable named entities like &copy; and &euro; where a named entity exists. More readable but only covers characters that have predefined names.
  • Numeric - Encodes every non-ASCII character as a decimal numeric entity (like &#169;). Safe for any Unicode character.
  • All non-ASCII - Encodes everything outside printable ASCII (codepoints 32-126) as entities. Use for strict ASCII-only pipelines.

Common Use Cases

  • XSS prevention - Escape user input before inserting it into HTML to prevent cross-site scripting attacks
  • Email templates - Encode special characters in HTML email bodies for reliable rendering
  • CMS content - Clean up entity-encoded content exported from WordPress, Drupal, or other CMS platforms
  • API debugging - Decode HTML entities in API responses and scraped web content for readability
  • Legacy system compatibility - Encode non-ASCII characters for systems that only support ASCII

HTML Entity Reference

CharacterNamed EntityDecimalHexDescription

Why AI Cannot Reliably Encode HTML Entities

AI assistants like ChatGPT and Claude make systematic errors on HTML entity encoding: they may forget to encode the ampersand first (causing double-encoding), produce different results for the same input across sessions, mishandle surrogate pairs (emoji and CJK characters), incorrectly decode hex entities, or omit encoding entirely on edge cases. This tool uses deterministic JavaScript with the correct WHATWG HTML serialization rules - it produces bit-perfect, repeatable results every time, with zero hallucination.

Frequently Asked Questions

What is HTML entity encoding?

HTML entity encoding replaces characters that have special meaning in HTML (like <, >, &, ", ') with safe text representations called entities. For example, < becomes &lt; so the browser displays it as text instead of interpreting it as a tag. This prevents broken markup and XSS attacks when inserting user content into HTML pages.

What are the 4 encoding modes?

Minimal: Only encodes the 5 HTML-special characters (& < > " ') - the safest default. Named: Uses readable named entities like &copy; and &euro; where available. Numeric: Encodes all non-ASCII characters as decimal numeric entities like &#169;. All non-ASCII: Encodes every character outside printable ASCII range for legacy/ASCII-only pipelines.

What entity formats does the decoder support?

The decoder handles all three HTML entity formats: named entities (&amp;, &lt;, &gt;, &quot;, &apos;, &copy;, &euro;), decimal numeric entities (&#38;, &#60;, &#62;, &#169;), and hexadecimal numeric entities (&#x26;, &#x3C;, &#x3E;, &#xA9;). It correctly decodes surrogate pairs including emoji characters.

Is my data uploaded to a server?

No. The entire encode/decode process runs locally in your browser using JavaScript. Your text never leaves your device. You can verify this by opening your browser's Developer Tools (F12), going to the Network tab, and observing that no outbound requests are made when you encode or decode text. No signup, no tracking, no data storage.

When should I use minimal vs numeric vs named encoding?

Use Minimal when inserting content into HTML body or attributes - it encodes only the 5 dangerous characters while keeping text readable. Use Named when you want human-readable entities for common symbols (copyright, trademark, currency). Use Numeric when passing HTML through pipelines that may not understand named entities. Use All non-ASCII when targeting strict ASCII-only systems like legacy email servers or older APIs.

Why can't AI chatbots reliably encode HTML entities?

AI assistants hallucinate entity encoding on edge cases - they may forget to encode the ampersand first (causing double-encoding), mishandle surrogate pairs, produce inconsistent output for the same input across sessions, or incorrectly decode hex entities. This tool uses deterministic JavaScript with the correct WHATWG HTML serialization rules for bit-perfect, repeatable results every time.

Comments & Ratings

Be the first to comment.