Encode HTML special characters to entities for safe display. Decode entities back to readable HTML. Browser-based.
Yes, completely free with no signup required.
Everything runs in your browser. No data is sent to any server.
Encode HTML special characters to their entity equivalents (&, <, >, ") to safely display user content in web pages without triggering HTML interpretation. Decode HTML entities back to readable characters. Essential for web developers preventing XSS vulnerabilities.
HTML encoding/decoding uses browser-native DOM functions — all processing is client-side.
Choose Encode (HTML → entities) or Decode (entities → HTML).
Paste your HTML or entity-encoded string.
Result appears instantly.
Click to copy the encoded/decoded output.
To prevent Cross-Site Scripting (XSS) attacks by ensuring user-input text is not interpreted as HTML.
&, <, >, ", ', /, and other characters with special HTML meaning.
In this context, the terms are interchangeable — both refer to replacing characters with their entity equivalents.
Yes — non-ASCII characters can be encoded as numeric entities (〹).
Yes — paste the raw HTML source and decode all entity references.