HTML Entity Encoder/Decoder

Encode and decode HTML entities with XSS detection, entity reference, and code snippets. All client-side.

Mode

Format

Range

Plain Text / HTML

Encoded Output

&lt;h1&gt;Hello&nbsp;&amp;&nbsp;&quot;World&quot;&lt;/h1&gt;

Rendered Preview

<h1>Hello & "World"</h1>

Entity Reference (151)

Char	Named	Decimal	Hex	Category
&	&	&	&	Basic
<	<	<	<	Basic
>	>	>	>	Basic
"	"	"	"	Basic
'	'	'	'	Basic
				Basic
©	©	©	©	Basic
®	®	®	®	Basic
™	™	™	™	Basic
•	•	•	•	Basic
…	…	…	…	Basic
—	—	—	—	Basic
–	–	–	–	Basic
'	‘	‘	‘	Basic
'	’	’	’	Basic
“	“	“	“	Basic
”	”	”	”	Basic
§	§	§	§	Basic
¶	¶	¶	¶	Basic
†	&dagger;	†	†	Basic
‡	&Dagger;	‡	‡	Basic
←	←	←	←	Arrows
↑	↑	↑	↑	Arrows
→	→	→	→	Arrows
↓	↓	↓	↓	Arrows
↔	↔	↔	↔	Arrows
↵	&crarr;	↵	↵	Arrows
⇐	⇐	⇐	⇐	Arrows
⇑	&uArr;	⇑	⇑	Arrows
⇒	⇒	⇒	⇒	Arrows
⇓	&dArr;	⇓	⇓	Arrows
⇔	⇔	⇔	⇔	Arrows
∀	∀	∀	∀	Math
∂	∂	∂	∂	Math
∃	∃	∃	∃	Math
∅	∅	∅	∅	Math
∇	∇	∇	∇	Math
∈	∈	∈	∈	Math
∉	∉	∉	∉	Math
∋	&ni;	∋	∋	Math
∏	∏	∏	∏	Math
∑	∑	∑	∑	Math
−	−	−	−	Math
∗	&lowast;	∗	∗	Math
√	√	√	√	Math
∝	&prop;	∝	∝	Math
∞	∞	∞	∞	Math
∠	&ang;	∠	∠	Math
∧	&and;	∧	∧	Math
∨	&or;	∨	∨	Math
∩	∩	∩	∩	Math
∪	∪	∪	∪	Math
∫	∫	∫	∫	Math
≈	≈	≈	≈	Math
≠	≠	≠	≠	Math
≡	&equiv;	≡	≡	Math
≤	≤	≤	≤	Math
≥	≥	≥	≥	Math
⊂	⊂	⊂	⊂	Math
⊃	⊃	⊃	⊃	Math
⊆	&sube;	⊆	⊆	Math
⊇	&supe;	⊇	⊇	Math
⊕	&oplus;	⊕	⊕	Math
⊗	&otimes;	⊗	⊗	Math
×	×	×	×	Math
÷	÷	÷	÷	Math
±	±	±	±	Math
¼	¼	¼	¼	Math
½	½	½	½	Math
¾	¾	¾	¾	Math
¢	¢	¢	¢	Currency
£	£	£	£	Currency
¥	¥	¥	¥	Currency
€	€	€	€	Currency
¤	¤	¤	¤	Currency
₹	₹	₹	₹	Currency
₩	₩	₩	₩	Currency
₿	₿	₿	₿	Currency
α	α	α	α	Greek
β	β	β	β	Greek
γ	γ	γ	γ	Greek
δ	δ	δ	δ	Greek
ε	ε	ε	ε	Greek
ζ	ζ	ζ	ζ	Greek
η	η	η	η	Greek
θ	θ	θ	θ	Greek
ι	ι	ι	ι	Greek
κ	κ	κ	κ	Greek
λ	λ	λ	λ	Greek
μ	μ	μ	μ	Greek
ν	ν	ν	ν	Greek
ξ	ξ	ξ	ξ	Greek
ο	ο	ο	ο	Greek
π	π	π	π	Greek
ρ	ρ	ρ	ρ	Greek
σ	σ	σ	σ	Greek
τ	τ	τ	τ	Greek
υ	υ	υ	υ	Greek
φ	φ	φ	φ	Greek
χ	χ	χ	χ	Greek
ψ	ψ	ψ	ψ	Greek
ω	ω	ω	ω	Greek
Α	Α	Α	Α	Greek
Β	Β	Β	Β	Greek
Γ	Γ	Γ	Γ	Greek
Δ	Δ	Δ	Δ	Greek
Ε	Ε	Ε	Ε	Greek
Ζ	Ζ	Ζ	Ζ	Greek
Η	Η	Η	Η	Greek
Θ	Θ	Θ	Θ	Greek
Ι	Ι	Ι	Ι	Greek
Κ	Κ	Κ	Κ	Greek
Λ	Λ	Λ	Λ	Greek
Μ	Μ	Μ	Μ	Greek
Ν	Ν	Ν	Ν	Greek
Ξ	Ξ	Ξ	Ξ	Greek
Ο	Ο	Ο	Ο	Greek
Π	Π	Π	Π	Greek
Ρ	Ρ	Ρ	Ρ	Greek
Σ	Σ	Σ	Σ	Greek
Τ	Τ	Τ	Τ	Greek
Υ	Υ	Υ	Υ	Greek
Φ	Φ	Φ	Φ	Greek
Χ	Χ	Χ	Χ	Greek
Ψ	Ψ	Ψ	Ψ	Greek
Ω	Ω	Ω	Ω	Greek
♠	&spades;	♠	♠	Emoji
♣	&clubs;	♣	♣	Emoji
♥	&hearts;	♥	♥	Emoji
♦	&diams;	♦	♦	Emoji
♩	♩	♩	♩	Emoji
♪	♪	♪	♪	Emoji
♫	♫	♫	♫	Emoji
☀	☀	☀	☀	Emoji
☁	☁	☁	☁	Emoji
☂	☂	☂	☂	Emoji
★	★	★	★	Emoji
☆	☆	☆	☆	Emoji
☎	☎	☎	☎	Emoji
✓	✓	✓	✓	Emoji
✗	✗	✗	✗	Emoji
✈	✈	✈	✈	Emoji
✉	✉	✉	✉	Emoji
✎	✎	✎	✎	Emoji
✿	✿	✿	✿	Emoji
❤	❤	❤	❤	Emoji
⚡	⚡	⚡	⚡	Emoji
⚠	⚠	⚠	⚠	Emoji
⚙	⚙	⚙	⚙	Emoji
☕	☕	☕	☕	Emoji
♻	♻	♻	♻	Emoji

Code Snippets

// Encode HTML entities
function encodeHTML(str) {
  return str
    .replace(/&/g, '&amp;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;')
    .replace(/"/g, '&quot;')
    .replace(/'/g, '&#39;');
}

// Decode HTML entities (safe, using DOMParser)
function decodeHTML(str) {
  const doc = new DOMParser()
    .parseFromString(`<!doctype html><body>${str}`, 'text/html');
  return doc.body.textContent ?? str;
}

What Are HTML Entities?

HTML entities are special codes used to represent characters that have special meaning in HTML, or characters that cannot be easily typed on a keyboard. For example, the less-than sign ("<") is written as < to prevent the browser from interpreting it as the start of an HTML tag. Entities can be written in three formats: named (&), decimal (&), or hexadecimal (&).

Why Encode HTML Entities?

XSS Prevention

Encoding user input prevents Cross-Site Scripting (XSS) attacks. Without encoding, attackers can inject malicious scripts through form fields, URL parameters, and other user-controlled inputs.

Display Special Characters

Characters like <, >, and & have special meaning in HTML. Encoding ensures they display as text rather than being interpreted as HTML markup by the browser.

Unicode & Special Symbols

HTML entities provide a reliable way to include mathematical symbols (∑, ∞), arrows (→, ⇒), currency signs (€, £), and other special characters across all browsers and encodings.

Email & Legacy Compatibility

HTML email clients and older systems may not support UTF-8 properly. Using HTML entities ensures characters render correctly everywhere, regardless of the character encoding.

Frequently Asked Questions

Is this tool secure? Is my data sent to a server?

All encoding and decoding happens entirely in your browser. No data is sent to any server. The tool uses the browser's native DOMParser API for safe decoding.

What is the difference between named, decimal, and hex entities?

Named entities use human-readable names (e.g., &amp; for &), decimal entities use the Unicode code point in base 10 (e.g., &), and hex entities use base 16 (e.g., &). All three represent the same character — named entities are most readable, while decimal/hex work for any Unicode character.

When should I use minimal vs standard vs full encoding?

Minimal encodes only the 5 characters that break HTML syntax (<, >, &, ", '). Standard also covers common special symbols. Full encodes all non-ASCII characters — useful for maximum compatibility with legacy systems or email clients.

How does HTML entity encoding prevent XSS?

By converting characters like < and > to < and >, the browser displays them as text rather than interpreting them as HTML tags. This prevents injected <script> tags and event handlers from executing.

Should I use innerHTML or textContent in JavaScript?

Always use textContent (or innerText) when inserting user-provided content. innerHTML parses the string as HTML, which can execute injected scripts. textContent treats everything as plain text, making it safe from XSS.

Related Tools

JSON Formatter

Format, validate, and beautify JSON with tree view and TypeScript type generation.

Regex Tester

Test regular expressions with real-time matching, capture groups, and code snippets.

UUID Generator

Generate UUID v4, v7, ULID, and Nano ID with bulk generation and format options.

Base64 Encoder/Decoder

Encode and decode text, images, and files to Base64 with real-time conversion.