HTML Entity Encode / Decode
Encode special characters as HTML entities (& < >) and decode them back.
Essential encodes & < > " ' only — safe for most HTML contexts. All non-ASCII additionally encodes accented letters, symbols, and emoji.
About this tool
HTML entities are sequences used to represent characters that have special meaning in HTML or that are difficult to type directly. An entity begins with & and ends with ; and is either named (&, <, >, ", ) or numeric in decimal (<) or hexadecimal (<). The browser replaces entities with the corresponding characters when rendering the page.
Five characters must always be escaped when appearing as content in HTML: < and > (which delimit tags), & (which starts entities), and ' and " (which delimit attribute values). Failing to escape these characters when displaying user-provided content is the root cause of Cross-Site Scripting (XSS) vulnerabilities — one of the most common web security flaws. A < in user input rendered without escaping can inject arbitrary HTML and JavaScript.
Beyond the five essential characters, HTML entities are useful for typographic characters: — (em dash), – (en dash), “ and ” (curly double quotes), ‘ and ’ (curly single quotes), … (ellipsis), © (copyright), ® (registered trademark), and ™ (trademark). In modern HTML with a UTF-8 charset declaration, you can include most of these directly, but entities are helpful when the character is difficult to type or when working in plain-text environments.