HTML Encoder / Decoder
Encode special characters to HTML entities (&, <, >, ") and decode HTML entities back to plain text. Useful for embedding HTML in code and preventing XSS.
Encoding:
Common HTML Entities
| Character | Entity | Description |
|---|---|---|
| & | & | Ampersand |
| < | < | Less than |
| > | > | Greater than |
| " | " | Double quote |
| ' | ' | Single quote |
| © | © | Copyright |
| ® | ® | Registered |
| ™ | ™ | Trademark |
| — | — | Em dash |
| … | … | Ellipsis |
| (space) | | Non-breaking space |
| € | € | Euro sign |
How to Use HTML Encoder / Decoder
- 1Paste or type your text in the input field.
- 2Click Encode to convert special characters to HTML entities.
- 3Click Decode to convert HTML entities back to plain text.
- 4Copy the output for use in your HTML, template, or code.
Zenovay
Privacy-first analytics for your website
Understand your visitors without invasive tracking. GDPR compliant, lightweight, and powerful.
Related Tools
JSON Formatter & ValidatorFormat, validate, and beautify JSON data with syntax highlighting and error detection.
JWT DecoderDecode and inspect JWT tokens. View header, payload, and verify signatures.
Base64 Encode/DecodeEncode text to Base64 or decode Base64 back to text. Supports UTF-8 and binary data.
URL Encode/DecodeEncode or decode URL components. Handle special characters, query strings, and full URLs.
Frequently Asked Questions
What are HTML entities?▾
HTML entities are special codes used to represent characters that have special meaning in HTML or that cannot be typed directly. They start with & and end with ;. Named entities: & → &, < → <, > → >, " → ", ' → '. Numeric entities: < = < (decimal), < = < (hex). HTML parsers convert entities to their characters when rendering. Using entities prevents the browser from interpreting text as HTML markup.
Why encode HTML?▾
HTML encoding prevents: XSS (cross-site scripting) attacks — user input containing <script> tags gets encoded to <script> and rendered as text, not executed; HTML injection — untrusted content breaking page structure; Broken display — < and > in text being misinterpreted as HTML tags. Always encode user-generated content before inserting it into HTML. Use template engines or React (which auto-escapes by default) instead of raw HTML string concatenation.
What is the difference between & and &amp;?▾
& is the HTML entity for the literal & character. &amp; is double-encoded — it represents the text "&" in HTML, which renders as "&". Double encoding happens when you encode already-encoded text. If you need to display the text "&" literally on a page, you write &amp; in your HTML. This happens in code snippets and documentation showing HTML entity examples.
Should I use named or numeric HTML entities?▾
Both are valid. Named entities (&, <) are more readable. Numeric entities (&, < or &, <) work for any Unicode character, even without a named equivalent. For safe practice: always encode at minimum &, <, >, " (and ' for attribute values). For full Unicode safety in older systems, encode all non-ASCII characters numerically. Modern UTF-8 HTML5 pages can include Unicode directly without encoding.
What is the htmlspecialchars function in PHP?▾
PHP's htmlspecialchars() converts &, <, >, ", ' to their HTML entity equivalents. Use ENT_QUOTES flag to encode both single and double quotes: htmlspecialchars($str, ENT_QUOTES, 'UTF-8'). htmlspecialchars_decode() reverses it. html_entity_decode() handles all named entities. In JavaScript: no built-in, but DOMParser or document.createElement + textContent can encode/decode. In Python: html.escape() and html.unescape().