HTML Entity Encoder/Decoder

Encode special characters to HTML entities for XSS prevention, or decode entities back to plain text.

How it works

HTML entities prevent browsers from interpreting characters as markup. They are essential for safely rendering user-supplied content inside HTML. Named entities (&lt;, &amp;) are human-readable; decimal (&#60;) and hex (&#x3C;) forms cover the full Unicode range and are useful when named forms don't exist.

Security note
Always encode user input before inserting it into HTML. The six critical characters for XSS prevention are: & < > " ' /
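
The encoding and decoding described above, as an added example that is not this tool's own code. The function names (`encodeHtml`, `decodeHtml`, `fromCodePoint`), the `mode` parameter and the sample string are assumptions made for illustration.

```javascript
// Added example: encoder/decoder for the six characters in the security note.
const NAMED = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;' };
const DECODE_NAMED = { amp: '&', lt: '<', gt: '>', quot: '"', apos: "'" };

// mode: 'named' (default), 'decimal' or 'hex'.
function encodeHtml(input, mode = 'named') {
  return String(input).replace(/[&<>"'\/]/g, (ch) => {
    const cp = ch.codePointAt(0);
    if (mode === 'decimal') return `&#${cp};`;
    if (mode === 'hex') return `&#x${cp.toString(16).toUpperCase()};`;
    // ' and / have no HTML 4 named entity, so fall back to a hex reference.
    return NAMED[ch] || `&#x${cp.toString(16).toUpperCase()};`;
  });
}

// Numeric references can name code points that are not valid text
// (NUL, surrogates, anything beyond U+10FFFF); map those to U+FFFD.
function fromCodePoint(cp) {
  const invalid = !Number.isInteger(cp) || cp === 0 || cp > 0x10ffff ||
    (cp >= 0xd800 && cp <= 0xdfff);
  return invalid ? '\uFFFD' : String.fromCodePoint(cp);
}

// Single pass: each reference is decoded once, so "&amp;lt;" becomes
// the text "&lt;" and not "<".
function decodeHtml(input) {
  const ref = /&(?:#[xX]([0-9a-fA-F]+)|#([0-9]+)|([a-zA-Z]+));/g;
  return String(input).replace(ref, (match, hex, dec, name) => {
    if (hex) return fromCodePoint(parseInt(hex, 16));
    if (dec) return fromCodePoint(parseInt(dec, 10));
    // Unknown names are left untouched rather than guessed.
    return Object.prototype.hasOwnProperty.call(DECODE_NAMED, name)
      ? DECODE_NAMED[name] : match;
  });
}

// Constructed sample input containing all six characters.
const sample = `<a href="/x?a=1&b=2">Tom's</a>`;
console.log(encodeHtml(sample));
console.log(encodeHtml('<', 'decimal'), encodeHtml('<', 'hex'));
console.log(decodeHtml('&lt;b&gt; &#60; &#x3C; &amp;lt; &bogus; &#xD800;'));
```

This encoding applies to HTML element content and quoted attribute values. Values placed in script, URL or CSS contexts need the encoding for that context instead.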