| Char | Named entity | Numeric | Description |
|---|---|---|---|
| & | & | & | Ampersand |
| < | < | < | Less than |
| > | > | > | Greater than |
| " | " | " | Double quote |
| ' | ' | ' | Single quote |
| |   | Non-breaking space | |
| © | © | © | Copyright |
| ® | ® | ® | Registered trademark |
| ™ | ™ | ™ | Trademark |
| € | € | € | Euro sign |
| £ | £ | £ | Pound sign |
| — | — | — | Em dash |
| – | – | – | En dash |
| … | … | … | Ellipsis |
| • | • | • | Bullet |
Explore All Tools
You Might Also Like
HTML Entity Encoder / Decoder
About this tool
Free HTML Entity Encoder and Decoder — Named & Numeric Entities
This free HTML Entity Encoder and Decoder converts characters between plain text and HTML entity representations. When you need to display angle brackets, ampersands, quotes, or special symbols in an HTML document without them being interpreted as markup, entity encoding is the correct approach. Paste your content, choose an encoding mode, and click Encode to get safe HTML. Click Decode to reverse the process — converting entity-encoded HTML back into readable plain text.
HTML entities exist because HTML uses certain characters as syntax: < opens a tag, > closes it, & starts an entity, and " delimits attribute values. If you want to display the literal text <div> in a web page without the browser parsing it as a tag, you must encode it as <div>. Without encoding, the browser interprets the text as markup, which breaks the page layout and, more critically, creates a cross-site scripting (XSS) vulnerability if the content came from a user or an external source.
The tool offers three encoding modes so you can match the output to your exact use case. Minimal mode encodes only the five characters that break HTML: & → &, < → <, > → >, " → ", and ' → '. This is the correct mode for escaping user input before inserting it into an HTML template, and it produces the most readable output since non-breaking characters are left as-is. Full mode encodes the same five characters plus all non-ASCII characters — copyright symbols, currency signs, accented letters, emoji — using named entities where available (© → ©, € → €) or decimal numeric entities (&#decimal;) for everything else. Use Full mode when your output must be strict ASCII. Numeric mode encodes every single character as its decimal numeric entity — even plain letters and digits — which is useful for obfuscation, certain email compatibility requirements, or testing how a parser handles numeric references.
Decoding works in reverse: paste HTML-encoded content and click Decode. The tool handles named entities (&, <, ©), decimal numeric entities (&,  ), and hexadecimal numeric entities (&,  ) — all without using the browser DOM, so it works consistently across environments and can decode in a Node.js context as well.
The reference table at the bottom of the tool lists the most frequently used HTML entities with their character, named entity, and decimal code. Clicking any row in the table loads that character into the input, which is useful when you need to quickly check what entity a specific symbol produces. Common entries include &, <, >, ", ', , ©, ®, ™, €, £, ¥, and —.
This encoder is part of the encoding and escaping toolkit on this site. For URL percent-encoding (%20, %3A), use the URL Encoder / Decoder. For Base64 encoding of binary data or strings, use the Base64 Encoder / Decoder. For JSON Web Token inspection, use the JWT Decoder. HTML entity encoding specifically handles the HTML layer — it is the right tool when you are working with HTML templates, email content, XML documents, or any context where raw special characters would be misinterpreted as markup.
All encoding and decoding runs in your browser with pure JavaScript. No content is sent to any server, which makes this tool safe for encoding sensitive HTML snippets, internal templates, or any content you would not want to share.
Features
- Minimal mode — encode only the 5 HTML-breaking characters (&, <, >, ", ')
- Full mode — encode all non-ASCII characters using named or numeric entities
- Numeric mode — encode every character as its &#decimal; entity
- Decode named entities (&, ©, ) back to plain text
- Decode decimal numeric entities (&) back to plain text
- Decode hexadecimal numeric entities (&) back to plain text
- Reference table of 15+ common HTML entities with click-to-load
- Swap input and output to chain encode → decode operations
- Copy output to clipboard in one click
- Pure JavaScript decode — no browser DOM dependency
- Runs entirely in your browser — no data sent to a server
How to Use
- 1Choose an encoding modeSelect Minimal (just the 5 HTML-breaking chars), Full (all non-ASCII), or Numeric (every character).
- 2Paste your contentType or paste HTML, text, or any content into the Input textarea.
- 3Encode or DecodeClick Encode to convert to HTML entities, or Decode to convert entities back to plain text.
- 4Copy the resultClick Copy in the Output panel to copy to clipboard. Use Swap to move the output back to input for further processing.
- 5Use the reference tableThe reference table below shows common entities. Click any row to load that character into the input.
Common Use Cases
Frequently Asked Questions
HTML entity encoding converts characters that have special meaning in HTML (like <, >, &, ") into safe representations that browsers display as text rather than interpreting as markup. For example, < becomes <. This is essential to prevent XSS (cross-site scripting) attacks when displaying user-submitted content, and to correctly render special characters in HTML documents.
& is the named entity for & (ampersand). & is the decimal numeric entity for the same character (character code 38). & is the hexadecimal numeric entity. All three render identically in browsers. Named entities are more readable; numeric entities work even when the browser doesn't recognize the name.
Use Minimal mode (default) when you want to encode only the 5 characters that break HTML: &, <, >, ", and '. This is sufficient for preventing XSS in most contexts. Use Full mode when embedding content in an ASCII-only environment and need to encode non-ASCII characters like ©, €, or emoji as named or numeric entities. Use Numeric mode to encode every character as its &#decimal; entity — useful for obfuscation or strict ASCII output.
This tool provides encoding that is the basis of XSS prevention, but it's a manual tool — not a library integrated into your application. For real XSS prevention, use a server-side escaping library (like DOMPurify for JavaScript, htmlspecialchars() in PHP, or your framework's built-in templating). Never trust user input and always escape before rendering in HTML.
(non-breaking space,  ) is a space character that browsers will not collapse or wrap at. Use it when you need forced spacing between words that should not break across lines, such as between a number and its unit (10 km) or to add padding in HTML. For regular spaces in content, use a normal space — multiple spaces in HTML are collapsed to one anyway.