HTML Entity Encoder
Encode text to HTML entities (or decode entities back to text) to safely display special characters and prevent XSS. Toggle between named entities only or full escaping including apostrophes and slashes. Runs client-side.
About HTML Entity Encoding
Escapes &, <, >, and quotes to their HTML entity equivalents to prevent XSS and rendering issues. Tidy up surrounding markup with the HTML Beautifier, or compress the output with HTML Minifier.
Secure & Private Client-Side
This tool runs entirely in your browser. No data is sent to any server, ensuring your information remains private and secure.
Frequently Asked Questions
Which characters are encoded by default?
The default mode encodes ampersand, less-than, greater-than, and double-quote using their named entities. Enable the extra toggle to also encode apostrophes and slashes.
Does this prevent XSS?
Escaping user-supplied text before inserting it into HTML is a strong defense-in-depth measure, but you should also use a proper sanitizer and a Content Security Policy (CSP).
Can I decode existing entities?
Yes. Switch to Decode mode and paste text containing entities to convert them back to characters.
How does this relate to URL encoding?
They solve different problems. HTML entities are for HTML content; use the [URL Encoder](/tools/url-encoder/) for query strings and paths.
Is my text uploaded?
No. All encoding and decoding happens locally in your browser.
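The two encoding modes and the decode mode described in the FAQ above, as an added JavaScript example (not this tool's own code). The function names and the numeric forms `&#39;` and `&#x2F;` for the apostrophe and slash are assumptions; `renderTitleAttr` uses a constructed value to show that the default mode leaves a raw apostrophe inside a single-quoted attribute.

```javascript
// Added example, not the tool's source. Entity forms for ' and / are assumed.
const BASIC = new Map([['&', '&amp;'], ['<', '&lt;'], ['>', '&gt;'], ['"', '&quot;']]);
const EXTRA = new Map([...BASIC, ["'", '&#39;'], ['/', '&#x2F;']]);
const NAMED = new Map([['amp', '&'], ['lt', '<'], ['gt', '>'], ['quot', '"'], ['apos', "'"]]);

function encodeHtml(text, { full = false } = {}) {
  const map = full ? EXTRA : BASIC;
  const pattern = full ? /[&<>"'\/]/g : /[&<>"]/g;
  // One pass over the input: the '&' that begins an emitted entity is never
  // seen again, so "<" becomes "&lt;" and not "&amp;lt;".
  return String(text).replace(pattern, (ch) => map.get(ch));
}

function decodeHtml(text) {
  // One pass here as well, so "&amp;lt;" decodes to the text "&lt;", not "<".
  return String(text).replace(/&(#[xX][0-9a-fA-F]+|#[0-9]+|[a-z]+);/g, (match, body) => {
    // Names outside the small table above are left untouched.
    if (body[0] !== '#') return NAMED.get(body) ?? match;
    const hex = body[1] === 'x' || body[1] === 'X';
    const code = parseInt(body.slice(hex ? 2 : 1), hex ? 16 : 10);
    // Out-of-range references are left as written instead of throwing.
    return code > 0 && code <= 0x10ffff ? String.fromCodePoint(code) : match;
  });
}

// Hypothetical template helper: the value lands in a single-quoted attribute.
function renderTitleAttr(value, full) {
  return "<span title='" + encodeHtml(value, { full }) + "'>x</span>";
}

// Constructed sample value containing an apostrophe.
console.log(renderTitleAttr("O'Reilly", false)); // attribute ends after "O"
console.log(renderTitleAttr("O'Reilly", true));  // apostrophe stays inside the value
```

In default mode, keep attribute values in double quotes; a value placed in a single-quoted or unquoted attribute needs the full mode or a context-aware template engine.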
Common Use Cases
- XSS Prevention: Escape user-supplied text before inserting into HTML.
- Code Samples: Show HTML tags as text without them being interpreted.
- Email Content: Safely include special characters in HTML emails.
- XML Authoring: Encode ampersands and angle brackets in XML content.