HTML Entity Encode / Decode

Free HTML entity encoder and decoder. Escape special characters and non-ASCII text to HTML entities and decode them back — instantly and privately in your browser.


🔒 All encoding and decoding happens in your browser — your text is never uploaded.


Free HTML Encoder / Decoder

This free online tool lets you HTML encode any text — escaping the special characters &, <, >, " and ' into safe HTML entities — and just as easily decode entities back into normal text. It handles both named entities (like &amp;) and numeric ones (like &#39; or &#x27;), works instantly as you type, and runs entirely in your browser.

How to use the HTML entity encoder

  1. Choose a mode: Encode → Entities to escape text, or Decode → Text to unescape it.
  2. Type or paste your text into the left box (or click Load sample).
  3. The result appears on the right instantly — click Copy to grab it.
  4. When encoding, tick Convert all non-ASCII to &#nnn; to turn accented and Unicode characters into numeric entities.
  5. Click Use result as input to flip the output back through the other mode.

What are HTML entities and why escape them?

In HTML, a handful of characters carry special meaning. The browser uses < and > to mark the start and end of tags, & to begin an entity, and quotation marks to wrap attribute values. If you want to display those characters as literal text instead of having the browser interpret them as code, you replace each one with its HTML entity. The five core entities are &amp; for &, &lt; for <, &gt; for >, &quot; for a double quote and &#39; for an apostrophe.

Escaping matters most for security. When user-supplied text is dropped into a page without encoding, an attacker can inject <script> tags and run code in other people’s browsers — a cross-site scripting (XSS) attack. Encoding the five special characters neutralises that markup so it shows up as plain text. The same technique is essential when you want to display code samples, put raw HTML inside a tag, or store snippets safely in a database or JSON file.
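The escaping and unescaping described above, written out as an added example (not this tool's own code). `encodeHtml`, `decodeHtml` and the `NAMED` table are hypothetical names, and the regex-based decoder with its small named-entity subset stands in for the browser's own parser.

```javascript
// Added illustration; encodeHtml, decodeHtml and NAMED are hypothetical names.
const ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// One pass over the input, so the "&" of an entity just written is never re-escaped.
function encodeHtml(text, { allNonAscii = false } = {}) {
  const out = String(text).replace(/[&<>"']/g, (ch) => ESCAPES[ch]);
  if (!allNonAscii) return out;
  // The "u" flag matches whole code points, so an astral character such as an
  // emoji becomes one entity instead of two lone surrogate halves.
  return out.replace(/[^\x00-\x7F]/gu, (ch) => `&#${ch.codePointAt(0)};`);
}

// Constructed subset of named references; a complete decoder needs the full HTML table.
const NAMED = new Map([['amp', '&'], ['lt', '<'], ['gt', '>'], ['quot', '"'],
  ['apos', "'"], ['copy', '\u00A9'], ['nbsp', '\u00A0']]);

// One pass again: "&amp;lt;" decodes to the text "&lt;", not to "<".
function decodeHtml(text) {
  const ref = /&(#[xX][0-9a-fA-F]+|#[0-9]+|[A-Za-z][A-Za-z0-9]*);/g;
  return String(text).replace(ref, (whole, body) => {
    // Unknown names are left untouched; Map lookup avoids inherited object keys.
    if (body[0] !== '#') return NAMED.has(body) ? NAMED.get(body) : whole;
    const hex = body[1] === 'x' || body[1] === 'X';
    const cp = parseInt(body.slice(hex ? 2 : 1), hex ? 16 : 10);
    // NUL, surrogates and out-of-range values become U+FFFD rather than broken text.
    if (cp === 0 || cp > 0x10FFFF || (cp >= 0xD800 && cp <= 0xDFFF)) return '\uFFFD';
    return String.fromCodePoint(cp);
  });
}

// Constructed sample input, not taken from the tool.
const sample = '<script>alert("hi")</script> & it\'s';
console.log(encodeHtml(sample));
console.log(decodeHtml(encodeHtml(sample)) === sample);
```

Escaping these five characters covers text placed in element content and in quoted attribute values. Text inserted into a script block, a URL or an unquoted attribute needs the encoding for that context instead.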

Frequently asked questions

Is this HTML encoder free and private?
Yes. It is completely free with no sign-up, and all encoding and decoding happens in your browser with JavaScript. Your text is never uploaded to a server.

Which characters does HTML encoding escape?
The five characters that have special meaning in HTML: the ampersand becomes &amp;, the less-than sign becomes &lt;, the greater-than sign becomes &gt;, the double quote becomes &quot; and the apostrophe becomes &#39;. You can also choose to convert every non-ASCII character to a numeric entity.

Does it decode both named and numeric entities?
Yes. The decoder understands named entities like &amp; and &copy;, decimal numeric entities like &#39;, and hexadecimal ones like &#x27;. It turns each one back into the original character.

Is decoding entities safe from scripts?
Yes. Decoding is done by reading the value of a detached textarea element, which parses character references but never runs markup or scripts. So pasting code that contains script tags only decodes the text and cannot execute anything.

Why should I escape HTML before showing user input?
Escaping the special characters stops the browser from treating user text as real HTML. This prevents cross-site scripting attacks, where injected script tags could run in other visitors' browsers, and it lets you display code samples and raw HTML as plain readable text.