HTML Entity Encoder / Decoder Online (Free)

Drop an ampersand or a less-than sign into HTML and the browser may misread it as markup, breaking your page or opening the door to injection bugs. The fix is HTML entities - safe stand-ins for special characters. This guide explains how entities work and how to convert text both ways with the free HTML Entity Encoder / Decoder. It encodes and decodes instantly in your browser, so the content you paste is never uploaded anywhere.

What HTML entities are

An HTML entity is a coded representation of a character that has special meaning in HTML, or that is hard to type. An entity starts with an ampersand and ends with a semicolon, for example the named entity for an ampersand itself is amp surrounded by ampersand and semicolon.

A few characters must be escaped because the browser treats them as part of the markup:

• The less-than and greater-than signs, which open and close tags.
• The ampersand, which begins an entity.
• Double and single quotes, which delimit attribute values.

Encoding swaps these characters for their entity equivalents so the browser displays them as text instead of interpreting them. Decoding reverses it, turning entities back into the literal characters - handy when you receive escaped content and want to read it.

How to use the HTML Entity Encoder / Decoder

The workflow is simple:

1. Open the HTML Entity Encoder / Decoder.
2. Paste your text or markup.
3. Choose encode to turn special characters into entities, or decode to turn entities back into characters.
4. Copy the result.

Encode when you need to display code samples, user-supplied text, or any string containing angle brackets and ampersands inside a web page. Decode when you have escaped content from a database, an API or an email and want the plain characters back. Conversion is instant with no length limit.

Common HTML entity reference

These are the entities you will use most often:

Named entities are easier to read, while numeric entities (an ampersand and hash followed by the character code) work for any character, including emoji and symbols without a name. Both are wrapped with a leading ampersand and a trailing semicolon.

Use cases

Entity encoding matters whenever text meets HTML:

• Displaying code: show HTML or XML snippets on a page without the browser trying to render them.
• Escaping user input: prevent cross-site scripting by encoding text before inserting it into a page.
• Email and templates: keep special characters intact in HTML emails.
• Cleaning data: decode entities that arrived double-escaped from a CMS.
• Symbols: insert characters like the copyright sign or an em dash reliably.

For formatting the surrounding markup, the HTML Formatter tidies your code, and for non-HTML text encoding the URL Encoder / Decoder handles links.

Tips and common mistakes

Keep these in mind:

• Always encode the ampersand first. If you encode the angle brackets before the ampersand, you can accidentally double-encode the new entities. A good encoder handles ordering for you.
• Double encoding: an ampersand that is already part of an entity should not be re-encoded, or amp becomes amp;amp. If you see amp;lt in output, it was encoded twice - decode once to fix it.
• Attribute quotes: inside attribute values, escape the quote character you used as the delimiter so the value does not end early.
• Not everything needs encoding. Plain letters, digits and most punctuation are safe as-is; only the reserved characters strictly require entities.

When in doubt, decode a string to confirm what it really contains before re-encoding.

Privacy: encoded locally in your browser

The text you paste may be user content, internal templates or unreleased copy. The HTML Entity Encoder / Decoder converts it in your browser using JavaScript, so nothing is uploaded, logged or stored. Close the tab and the content is gone.

That makes it safe for sensitive or pre-launch material. Discover more private, instant utilities in the dev tools category or browse all tools.