HTML Entities Encode / Decode

Escape special characters to their HTML entity equivalents, or unescape HTML entities back to plain text. Supports named entities (&, <, >), decimal numeric references (<), and hexadecimal references (<). Everything runs in your browser — your data never leaves your machine.

Mode
Encode format
All chars
Input · Plain Text
Size: 0 B Chars: 0
Output · HTML Entities
Size: 0 B Entities: 0
Common HTML entities reference
CharacterNamedDecimalHexDescription
&&&&Ampersand
<&lt;&#60;&#x3C;Less-than sign
>&gt;&#62;&#x3E;Greater-than sign
"&quot;&#34;&#x22;Quotation mark
'&#39;&#39;&#x27;Apostrophe
 &nbsp;&#160;&#xA0;Non-breaking space
©&copy;&#169;&#xA9;Copyright sign
®&reg;&#174;&#xAE;Registered trademark
&trade;&#8482;&#x2122;Trademark symbol
&euro;&#8364;&#x20AC;Euro sign
❤️ Support CodeConverter.net and donate ❤️

Everything you need to know about HTML Entities

What are HTML entities?

HTML entities are escape sequences used to represent characters that have special meaning in HTML or that cannot easily be typed. An entity begins with an ampersand (&) and ends with a semicolon (;). For example, the less-than sign (<) must be written as &lt; inside HTML, because the browser would otherwise interpret it as the start of an HTML tag.

There are three types of HTML character references: named entities like &amp;, decimal numeric references like &#38;, and hexadecimal references like &#x26;. All three forms produce identical output in the browser. Named entities are easier to read, while numeric references support any Unicode code point — even characters that have no named entity defined.

When to encode
  • Inserting user input into HTML to prevent XSS attacks
  • Displaying source code snippets (<pre> blocks) in HTML
  • Rendering <, >, and & as visible text
  • Adding symbols like © or € that vary across encodings
When to decode
  • Reading entity-encoded content from APIs or scraped HTML
  • Converting HTML-escaped RSS or Atom feed content
  • Inspecting double-encoded HTML in legacy systems
  • Preparing text for insertion into a database or template
How to use this tool
  • Choose Encode or Decode mode
  • Select Named, Decimal, or Hex entity format for encoding
  • Paste your input and click the convert button
  • Copy or download the result with one click
100% private & client-side
  • All encoding/decoding runs in your browser via JavaScript
  • Safe to use with sensitive HTML templates or source code
  • No data transmitted to any server at any point
  • Works offline after the initial page load
Named vs. numeric entities
  • Named entities are human-readable: &amp;, &copy;
  • Numeric entities work for any Unicode character
  • Both are parsed identically by all modern browsers
  • Hex references use the &#x…; prefix (e.g. &#x3C;)
Security: HTML escaping vs. XSS
  • Always encode user input before injecting it into HTML
  • Encoding prevents script injection (XSS) vulnerabilities
  • In PHP: use htmlspecialchars() or htmlentities()
  • In JS: prefer textContent over innerHTML for safety

HTML entities in practice — common pitfalls

The most common HTML entity mistake is double-encoding: running already-encoded text through an encoder again, turning &amp; into &amp;amp;. This happens when a templating engine and application code both escape the same value. Always escape exactly once, at the point where data is inserted into HTML output.

A second pitfall is context confusion: HTML entities are not the right tool for URL-encoding (use percent-encoding instead) or for JSON strings (use JSON escape sequences). Each context — HTML, URLs, JavaScript strings — has its own escaping rules and they must not be mixed. This tool handles HTML entity encoding and decoding only; for URL encoding use the URL Encode / Decode tool, and for Base64 use the Base64 tool.