What is the difference between HTML entities and URL encoding?

HTML entities (for example &, <, é) represent characters inside HTML or XML markup so parsers do not treat them as syntax. URL encoding (percent-encoding) escapes bytes for query strings and paths in URIs. Use this page for HTML and CMS snippets; use the site’s URL encoder when you need encodeURIComponent-style percent-encoding for APIs and links.

When should I use named entities vs numeric entities?

Named entities like & and " are short and readable for the five critical characters in HTML text and attributes. Decimal numeric entities (é) and hexadecimal (é) work for any Unicode code point and are handy when a name does not exist or you want a consistent style. This tool uses standard names for &, , quotes, and apostrophe, and optional decimal encoding for non-ASCII when you enable that option.

Does encoding HTML entities prevent XSS?

Encoding user-controlled data before you insert it into HTML context is an important layer, but it is not a substitute for a content security policy, framework escaping, sanitization when you allow rich HTML, and never using innerHTML with raw user input. Encode entities for display text; use a vetted sanitizer when you must allow markup.

Is my text sent to your servers?

No. Encoding runs entirely in your browser. Decoding uses the same textarea-based HTML reference parsing your browser provides for entity strings. File upload reads the file locally with FileReader—nothing is uploaded to a backend.

Why did decode leave some sequences unchanged?

Incomplete references (a lone &), unknown entity names, or malformed numeric values may not decode. The browser’s HTML parser follows standard rules; fix typos like missing semicolons where required, and ensure hex numerics use valid digits after &#x.

Will double-encoding be a problem?

Yes, if you encode text that already contains entities, ampersands become & and so on. Decode once to plain text, edit, then encode a single time before pasting into your template or CMS. This tool’s swap button helps you chain decode → fix → encode.

How do HTML entities relate to JSON or APIs?

JSON strings use Unicode and backslash escapes—not HTML entities. If an API returns JSON with entity-encoded strings, decode here for readability, or fix the producer. For inspecting JSON payloads first, use the JSON formatter on this site, then copy field values into this tool when needed.

Which related tools should I use with HTML entities?

Format markup with the HTML formatter, convert prose with Markdown to HTML or HTML to Markdown, percent-encode URLs with the URL encoder, and review live page tags with the meta tags extractor—all linked from the developer and website tool sections on this site.

HTML entity encoder & decoder — escape & < > for safe markup (free)

Why HTML entity encoding matters for developers, content teams, and SEO

Browsers treat angle brackets as tag delimiters. A literal less-than in copy must become an entity inside HTML text nodes and most attribute values so it renders as text instead of breaking the DOM tree. Unescaped ampersands can prematurely start an entity reference and corrupt adjacent attributes—common when titles contain "Tom & Jerry" or company names with ampersands. For SEO, clean rendering avoids broken snippets and layout glitches that increase bounce rates; use the Open Graph preview after you wire escaped strings into templates.

Entity encoding is not encryption: anyone can decode the string. It is a presentation and injection-hygiene step, not a substitute for sanitizing untrusted HTML, using framework auto-escaping, or setting a strong Content-Security-Policy. Treat this tool as a fast scratchpad alongside your normal secure coding practices.

Named entities, decimal, and hexadecimal numeric character references

The five characters that most often need escaping in HTML text and attributes map to well-known names: amp, lt, gt, quot, and the apostrophe as a numeric reference for broad compatibility. Numeric forms such as decimal 233 or hex E9 reference Unicode code points directly—useful for symbols without memorized names or when you want a uniform style across a template. This encoder's optional non-ASCII mode emits decimal numerics; critical punctuation always uses the compact names above.

How to use this HTML entity encoder and decoder (step by step)

Pick Encode to entities when starting from plain text or raw markup snippets, or Decode entities when you have exported CMS HTML, email source, or escaped JSON strings you want to read.
Paste into Input or click Upload file to load a local .html, .txt, or .md fragment. Files are read with FileReader in the tab only.
For encoding, toggle Encode non-ASCII as decimal numeric entities if you need every character above ASCII represented as numeric references—for example when an upstream pipeline only accepts ASCII.
Press Encode or Decode, then use the copy icon on the output panel or Copy output for clipboard-ready text. Use Swap to input to chain operations without re-pasting.

Workflows: Markdown, JSON, APIs, and email HTML

When you convert prose with the Markdown to HTML tool, you may still need to escape fragments that will be embedded inside a larger template or a CMS field that does not run a full markdown pass. For the opposite direction, try HTML to Markdown. If an API returns JSON with entity-encoded strings, paste the value into the JSON formatter first to locate the field, then decode here. Email clients often show entity-heavy source; decoding helps compare preheader and body copy without manual search-and-replace.

Common pitfalls: double encoding, attribute context, and URL text

Double encoding turns a visible ampersand into multiple amp layers after a second pass—decode once, verify the plain text, then encode exactly once before publishing. In attribute context, always wrap values in double quotes and escape interior quotes. For URLs inside href, you typically need percent-encoding for query values, not HTML entities—use the URL encoder for address bar-safe strings and keep HTML entities for the surrounding markup.

Related developer tools

Browse the full code and developer tools catalog. Highlights:

JSON Formatter & Validator — Format, validate, minify, and explore JSON in a collapsible tree—fix payloads before they hit production.
JSON to CSV Converter — Turn JSON arrays into downloadable CSV with automatic column detection for spreadsheets and BI tools.
JSON to YAML Converter — Convert JSON to readable YAML for configs and Kubernetes—copy or download the result.
CSV to JSON Converter — Paste or upload CSV and get structured JSON with header-aware typing for APIs and apps.
YAML to JSON Converter — Parse YAML to valid JSON with clear errors—ideal for CI configs and cloud templates.
XML Formatter & Validator — Beautify and validate XML with structure insight and actionable parse errors.
Regex Tester & Debugger — Test patterns live with highlights, capture groups, and flags—debug regex without leaving the browser.
SQL Formatter — Pretty-print SQL with indentation and keyword casing for readable queries and code review.
HTML Formatter & Minifier — Beautify or minify HTML and compare raw markup with a quick rendered preview.
CSS Formatter & Minifier — Format messy stylesheets or minify CSS for faster loads—keep design tokens consistent.
JavaScript Formatter & Minifier — Pretty-print or minify JavaScript for debugging locally and shipping smaller bundles.
HTML to Markdown Converter — Convert HTML snippets to Markdown for docs, CMS migrations, and README cleanup.
Markdown to HTML Converter — Turn Markdown into HTML with a live preview—handy for emails, blogs, and static pages.
Code Diff Checker — Compare two code blocks side by side with clear add/remove highlighting for reviews.

HTML entity encoder and decoder — escape special characters for safe HTML and CMS workflows