HTML Encoder / Decoder
Convert special characters to their HTML entity equivalents (&, <, >, ", ') and decode them back to plain text.
How to use HTML Encoder
- Paste the text or HTML you want to convert into the input box.
- Click Encode to replace special characters with their HTML entities, or Decode to turn entities back into plain characters.
- Review the output to confirm the five reserved characters (& < > " ') are handled as you expect.
- Copy the result and paste it into your HTML, template, or documentation.
- For untrusted user input, encode it server-side before it is ever written into a page to prevent XSS.
HTML entity encoding and decoding explained
HTML encoding converts characters that have a special meaning in markup into entity references so the browser displays them as literal text instead of interpreting them as code. This tool encodes plain text into safe HTML and decodes entities back into readable characters, in both directions, entirely in your browser.
The five reserved characters
& -> &
< -> <
> -> >
" -> "
' -> 'These are the characters HTML uses to delimit tags and attributes. If a user types 1 < 2 && 3 > 2 and you place it on a page without encoding, the browser will try to read < 2 as the start of a tag. Encoding turns it into harmless text.
Why this is a security control, not just formatting
The most common web vulnerability — cross-site scripting (XSS) — happens when untrusted input is written into a page without encoding. Imagine a comment field where someone submits <script>steal()</script>. Render it raw and every visitor runs that script. Encode it on output and the browser shows the literal text instead. Output encoding is the front-line defence, which is why frameworks like React auto-escape by default.
Named vs numeric entities
Every encodable character can be written three ways: a named entity (©), a decimal numeric reference (©), or a hexadecimal one (©) — all of which render as ©. Named entities are more readable but only exist for a fixed set of characters. Numeric references work for any Unicode code point, making them the universal fallback.
Encoding vs Unicode
If your document declares <meta charset="utf-8">, you do not need to escape accented letters, currency symbols, or emoji — you can type them directly and they will render correctly. Reserve entities for the five characters that affect parsing, plus the occasional non-breaking space ( ) or invisible character you want to make explicit in source.
When to encode vs decode
Encode when you are putting text into HTML: user content, code samples in a blog post, or values inside attributes. Decode when you have received HTML-encoded text — for instance scraped from a page or pulled from an API — and want the original plain string back. This tool handles both, so you can round-trip text safely either way.
Related SEO tools
- URL Encoder / Decoder — percent-encode text for use inside URLs and query strings.
- CSS Minifier — compress stylesheets for faster page loads.
- Meta Tag Generator — build a clean, valid document head.
- Base64 Encoder / Decoder — encode binary or text data as Base64.
Frequently asked questions
Which characters get escaped?
When should I HTML-encode user input?
What is the difference between named and numeric entities?
Do I need to encode every non-ASCII character?
Why escape the apostrophe as ' instead of '?
Is HTML encoding the same as URL encoding?
Does encoding change how text looks to readers?
Is HTML encoding alone enough to stop all XSS?
Related tools
More tools you might find useful in the same flow.
Meta Tag Generator
Meta tag generator — build complete SEO title, description, robots, and canonical tags for any page, ready to copy and paste. Free, with no signup needed.
Open Graph Preview
Open Graph preview tool — see exactly how a URL will look when shared on Facebook, LinkedIn, and other social platforms before you publish. Free and instant.
robots.txt Generator
robots.txt generator — build a clean robots.txt file with user-agent rules, allow and disallow paths, and sitemap entries in seconds. Free, no signup needed.
Keyword Density
Keyword density checker — analyze pasted text or page copy for word density, keyword frequency, top phrases, and word counts. Free, runs in your browser.
Built by Muhammad Tahir · About