HTML Entity Encoder & Decoder
Safely encode or decode special characters into HTML entities. Prevent XSS attacks, display code snippets, and sanitize user input instantly.
HTML entity encoding replaces reserved characters so browsers render them as text rather than markup: & becomes &, < becomes <, and > becomes >. The copyright symbol © is © and the euro sign € is €. This encoding is mandatory when displaying user-generated content in HTML to prevent cross-site scripting (XSS) attacks and broken page rendering.
Why HTML Entity Encoding Matters
1. Preventing XSS in Web Applications
Cross-Site Scripting (XSS) remains one of the most common web vulnerabilities. When user-generated content is rendered without proper encoding, attackers can inject malicious scripts. By converting characters like < and > into < and >, you neutralize any potential HTML or JavaScript. This tool automatically encodes all dangerous characters, making it essential for developers building comment sections, forums, or any input-heavy interface.
encode: & → & < → < > → > " → " ' → 'decode: < → < © → © € → € 2. Displaying Code Examples in HTML
Technical blogs and documentation sites need to show HTML, JavaScript, or XML snippets without the browser interpreting them. Without encoding, a <div> tag would disappear. By using entity encoding, you preserve the exact source code for your readers. This tool instantly converts pasted code into a safe, display-ready format — perfect for tutorials, API docs, and code playgrounds.
3. Email HTML Templates & CMS Sanitization
Email clients and content management systems often strip or misinterpret unescaped characters. Using HTML entities ensures that symbols like copyright (©), trademark (™), and arrows (→) render correctly across all email providers. Similarly, when migrating content from WYSIWYG editors to headless CMS, proper entity encoding prevents broken layouts and injection risks. This utility supports all HTML5 named entities, giving you full control over content safety.
Common HTML Entity Reference
| Original Character | Named Entity | Numeric Entity |
|---|---|---|
| & | & | & |
| < | < | < |
| > | > | > |
| © | © | © |
| € | € | € |
| → | → | → |
Frequently Asked Questions
How do I convert '<' to HTML?
The '<' character is converted to '<' to prevent it from being parsed as a tag.
What is the entity for the '&' symbol?
The '&' symbol must be encoded as '&' in HTML to be valid.
How many entities are in the HTML5 named map?
There are over 2,000 named entities supported, including symbols like © and €.
Is my code safe while sanitizing for XSS?
Yes, all encoding is local. Your sensitive code never leaves your device.
How many characters is the '→' arrow entity?
The '→' character is represented by 6 characters in HTML: '→'.
What is the formula for HTML Entities?
The tool uses a replacement map for core characters like <, >, &, ", and ' to their entity counterparts.