HTML Entity Encode / Decode
Encode HTML special characters (<, &, ", ', >) as named or numeric entities, or decode them back to plain text. Auto-detects direction.
<p>Hello & world</p> → &lt;p&gt;Hello &amp; world&lt;/p&gt;
HTML entity encoding replaces special characters that would otherwise be interpreted as HTML markup. < becomes &lt;, & becomes &amp;, and so on. This is required when displaying user-generated content as plain text inside a web page. Without it, you've got an XSS vulnerability.
The tool auto-detects: if the input contains entity references, it decodes; otherwise it encodes.
If you want to show <div> as text rather than render it, encode the angle brackets first.
Before inserting user-typed content into the DOM, entity-encode to prevent script injection. Modern frameworks do this automatically; raw HTML strings need manual escaping.
Some APIs return entity-encoded HTML in JSON values. Decoding makes them human-readable.
Some chat tools render & in URLs as broken entities. Encoding the share URL once before pasting fixes that edge case.
Rich tooltips and data-attributes that hold HTML need their content entity-encoded so the outer parser doesn't get confused.
Named: &lt;, &amp;, &quot;. Numeric: &#60;, &#38;, &#34;. Both work; named are more readable, numeric work for any character including ones without a named entity.
The five must-encode HTML chars: <, >, &, ", '. Other characters (em dash, copyright) are passed through unchanged — modern HTML handles them as UTF-8.
The tool uses the browser's own HTML parser via a hidden textarea. Whatever the browser decodes is what you get — guaranteed correct for any valid entity reference.
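The encode and decode directions and the auto-detect rule described above, as an added JavaScript example (not the tool's own code; the function names are hypothetical). Unlike the tool, this decoder does not use the browser's parser: it handles numeric references and only the five named entities, so it also runs outside a browser.

```javascript
// Added example; escapeHtml, decodeEntities and convert are hypothetical names.
const NAMED = { '<': '&lt;', '>': '&gt;', '&': '&amp;', '"': '&quot;', "'": '&#39;' };
const NUMERIC = { '<': '&#60;', '>': '&#62;', '&': '&#38;', '"': '&#34;', "'": '&#39;' };

// Encode the five must-encode characters in a single pass, so an "&"
// produced by one replacement is never encoded a second time.
function escapeHtml(text, { numeric = false } = {}) {
  const table = numeric ? NUMERIC : NAMED;
  return String(text).replace(/[<>&"']/g, (ch) => table[ch]);
}

const DECODE_NAMED = new Map([['lt', '<'], ['gt', '>'], ['amp', '&'], ['quot', '"'], ['apos', "'"]]);
const ENTITY_RE = /&(?:#(\d+)|#[xX]([0-9a-fA-F]+)|([a-zA-Z][a-zA-Z0-9]*));/g;

// Decode decimal, hex and the five named references; anything else is left as-is.
function decodeEntities(text) {
  return String(text).replace(ENTITY_RE, (match, dec, hex, name) => {
    if (name !== undefined) return DECODE_NAMED.has(name) ? DECODE_NAMED.get(name) : match;
    const cp = dec !== undefined ? parseInt(dec, 10) : parseInt(hex, 16);
    // Leave NUL, surrogates and out-of-range code points untouched instead of throwing.
    if (cp === 0 || cp > 0x10ffff || (cp >= 0xd800 && cp <= 0xdfff)) return match;
    return String.fromCodePoint(cp);
  });
}

// Tool-style auto-detect: decode when the input contains a decodable
// reference, otherwise encode.
function convert(text) {
  const decoded = decodeEntities(text);
  return decoded !== text
    ? { direction: 'decode', output: decoded }
    : { direction: 'encode', output: escapeHtml(text) };
}

// Constructed sample inputs.
const samples = ['<p>Hello & world</p>', '&lt;div&gt;', 'Tom &amp; <b>Jerry</b>'];
for (const s of samples) console.log(JSON.stringify(s), '->', convert(s));
```

`convert` decodes any input that already contains a reference, so markup sitting next to it comes out live (the third sample). When escaping output in an application, call `escapeHtml` unconditionally rather than auto-detecting.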
No — different escape sets. URL encoding uses %xx hex; HTML entity encoding uses &name; or &#nn;. Use URL encoding for URL components; HTML encoding for HTML content.