Free online HTML entities encoder and decoder. Convert special characters like <, >, &, ", ' to their HTML entity equivalents (&lt;, &gt;, &amp;, &quot;, &#39;) and back. Essential for safely displaying user-generated content in HTML. Fully client-side.
Free | No login | 100% browser-based | No data sent to servers
HTML entities are escape sequences for characters that have special meaning in HTML or that cannot be reliably typed. The five characters that must always be escaped in HTML content are < (&lt;), > (&gt;), & (&amp;), " (&quot;), and ' (&#39;). Failing to escape these can cause HTML injection or XSS vulnerabilities.
This tool encodes any text to its HTML entity representation (replacing special characters with their &entity; or &#code; forms) and decodes HTML entities back to plain text. Useful for safely embedding user-generated content in HTML, writing documentation, and debugging HTML parsing issues.
What are HTML entities?
HTML entities are special codes used to display reserved characters in HTML. For example, < and > are used to define HTML tags, so to display a literal < character you must write &lt; instead. Entities start with & and end with ; and can be named (&amp;, &lt;, &gt;) or numeric (&#38;, &#60;, &#62;).
When do I need to encode HTML entities?
You need HTML entity encoding when displaying user-generated content in HTML (to prevent XSS attacks), putting literal angle brackets or ampersands in HTML text, embedding code examples in web pages, and working with content management systems that process HTML. Any time user input is rendered as HTML, it must be entity-encoded first.
What's the difference between HTML encoding and URL encoding?
HTML encoding converts characters to HTML entities (&lt;, &amp;) for safe rendering in HTML. URL encoding converts characters to percent-encoded sequences (%3C, %26) for safe use in URLs. Both escape the same dangerous characters but in different formats for different contexts. Use HTML encoding for HTML content, URL encoding for query parameters and URLs.
What is the difference between HTML entities and URL encoding?
HTML entities encode characters for safe display inside HTML documents (e.g. & → &amp; to prevent it being parsed as an entity). URL encoding (percent-encoding) encodes characters for safe inclusion in URLs (e.g. & → %26). Use HTML entities in HTML content; use URL encoding in URLs and query parameters. Never mix them up.
Yes — proper HTML encoding is the primary defence against Cross-Site Scripting (XSS). By encoding user-supplied input before inserting it into HTML, you prevent browsers from interpreting injected scripts. Always encode on output (not input) and encode in the correct context: HTML encoding for HTML content, JavaScript encoding for JS strings, CSS encoding for CSS values. Never use a single encoding for all contexts.
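The encode-on-output and per-context rules above, as an added example (not this tool's own code). The function names and sample strings are assumptions made for illustration, and the decoder handles only the five named entities plus numeric references.

```javascript
// Added example: the five reserved characters and their entity forms.
const ENTITY_FOR = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
// Map (not a plain object) so names like "constructor" are not resolved by accident.
const CHAR_FOR = new Map([['amp', '&'], ['lt', '<'], ['gt', '>'], ['quot', '"'], ['apos', "'"]]);

// Encode text for HTML element content and quoted attribute values.
function encodeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => ENTITY_FOR[ch]);
}

// Decode named (these five only), decimal and hex references in one pass,
// so "&amp;lt;" becomes the text "&lt;" rather than being decoded twice.
function decodeHtml(text) {
  return String(text).replace(/&(#x[0-9a-f]+|#[0-9]+|[a-z]+);/gi, (match, body) => {
    if (body[0] !== '#') return CHAR_FOR.has(body) ? CHAR_FOR.get(body) : match;
    const isHex = body[1] === 'x' || body[1] === 'X';
    const code = parseInt(body.slice(isHex ? 2 : 1), isHex ? 16 : 10);
    // Simplification: NUL, surrogates and out-of-range values are left as written.
    if (code === 0 || code > 0x10ffff || (code >= 0xd800 && code <= 0xdfff)) return match;
    return String.fromCodePoint(code);
  });
}

// HTML content context: HTML-encode at the point of output.
function renderComment(comment) {
  return '<p>' + encodeHtml(comment) + '</p>';
}

// URL inside an HTML attribute: percent-encode the value for the URL first,
// then HTML-encode the finished URL for the attribute. encodeURIComponent
// leaves ' untouched, so the second step is still required.
function renderSearchLink(query) {
  const url = '/search?q=' + encodeURIComponent(query);
  return '<a href="' + encodeHtml(url) + '">' + encodeHtml(query) + '</a>';
}

// Constructed sample input, not taken from the page.
const sample = `<script>alert(1)</script> & "quotes" 'too'`;
console.log(renderComment(sample));
console.log(renderSearchLink("a&b 'c'"));
console.log(decodeHtml('&amp;lt; &#60; &#x3C; &nbsp;'));
```

The last call prints the text `&lt; < < &nbsp;`: the single-pass decoder does not re-decode its own output, and entity names outside the five are left as written.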