HTML Entities Encoder/Decoder

About HTML Entities Encoder/Decoder

HTML entities are special character sequences that represent reserved or special characters in HTML documents. Characters like <, >, &, and quotes have special meaning in HTML and must be encoded when used as content rather than markup. Proper HTML entity encoding is the primary defense against Cross-Site Scripting (XSS) attacks -- one of the most common web security vulnerabilities -- because it prevents user-supplied content from being interpreted as executable HTML or JavaScript code.

HTML Entity Reference Guide

HTML entities come in three formats: named entities (&amp; for &), decimal numeric entities (&#38; for &), and hexadecimal numeric entities (&#x26; for &). The five mandatory entities for HTML safety are: &amp; (ampersand), &lt; (less than), &gt; (greater than), &quot; (double quote), and &#39; (apostrophe/single quote). Named entities are more readable but numeric entities can represent any Unicode character.

Beyond security, HTML entities are used for typography and special symbols: &nbsp; for non-breaking spaces (prevents line breaks between words), &mdash; for em dashes, &copy; for copyright symbols, &trade; for trademarks, and currency symbols like &euro;, &pound;, and &yen;. Mathematical symbols (&times;, &divide;, &plusmn;, &frac12;), arrows (&larr;, &rarr;, &uarr;, &darr;), and typographic quotes (&laquo;, &raquo;, &ldquo;, &rdquo;) are all available as named entities. This tool supports both standard encoding (escaping the five dangerous characters) and full encoding (converting all non-ASCII characters to numeric entities).