HTML Entity Encoder & Decoder
Encode special characters into HTML entities or decode entities back to plain text. Choose named, decimal, or hex format. Everything runs in your browser — no data is sent to any server.
How it works: Paste or type your text, choose encode or decode mode, then pick an entity format. The output updates instantly. Use named entities for readability, decimal or hex for maximum compatibility. No data leaves your browser.
&&&Ampersand<<<Less than>>>Greater than"""Double quote'''Single quote   Non-breaking space©©©Copyright®®®Registered™™™Trademark———Em dash€€€EuroWhat Are HTML Entities?
HTML entities are special sequences used to represent characters that either have a reserved meaning in HTML or cannot be typed directly in source code. The most critical example is the ampersand (&), which marks the start of every entity itself and must be written as & when it appears as literal text. Similarly, the less-than sign (<) must be written as < to prevent the browser from interpreting it as the opening of an HTML tag. Entities follow three formats: named (&), decimal (&), and hexadecimal (&). All three refer to the same character — the choice depends on readability preference and target parser compatibility.
Why Encode HTML Characters?
Encoding HTML characters is essential for two reasons: correctness and security. On the correctness side, characters like <, >, and & are part of HTML syntax. If they appear unescaped in text content, browsers may misinterpret them as markup, breaking the page layout. On the security side, failing to encode user-supplied input before rendering it in HTML is the root cause of Cross-Site Scripting (XSS) attacks — one of the most common web vulnerabilities. An attacker can inject a <script> tag through a form field or URL parameter, and if the server renders that input without encoding, the malicious script executes in every visitor's browser. Always encode output, never trust raw input.
Named vs Decimal vs Hex Entities
Named entities like ©, €, and — are human-readable and widely supported in all modern browsers. Decimal entities use the Unicode code point in base-10 (© for ©), while hexadecimal entities use base-16 (© for the same character). Named entities only exist for a defined subset of Unicode characters — for anything outside that subset, you must use decimal or hex. Hex notation aligns naturally with Unicode documentation (e.g., U+0026 maps to &), making it the preferred choice when working with Unicode code charts. For HTML attributes, always encode double quotes as " or " to prevent attribute injection.
HTML Entity Best Practices
- Always encode user input before rendering it in HTML to prevent XSS attacks
- Encode & as & first, before encoding any other character, to avoid double-encoding
- Use named entities for common symbols like ©, ®, and ™ for better readability
- Use decimal or hex entities for any Unicode character above U+007F when targeting legacy parsers
- Inside HTML attributes, encode both quotes (" and ') to prevent attribute-breaking injection
- Enable "Encode All" to force-encode every non-ASCII character for maximum portability
- Decode entities before processing text logic — never operate on raw entity strings
- (non-breaking space) prevents unwanted line breaks but should not replace regular spaces in bulk