HTML Encode / Decode
Encode special characters to HTML entities or decode HTML entities back to text. Named, decimal, or hex formats. Text-only or attribute-safe scope.
What is HTML Encode / Decode?
HTML encode converts special characters into HTML entities so they display correctly and safely in web pages. Characters like <, >, &, and quotes can break HTML structure or enable cross-site scripting (XSS) if rendered raw. Encoding turns < into &lt;, & into &amp;, and so on, so the browser renders the character instead of interpreting it as markup. Decode does the reverse: it converts entities back to plain characters.
Real-world use cases include preventing XSS when displaying user-generated content, safely embedding code snippets in HTML, preparing text for email templates, and fixing double-encoded or corrupted entities. The tool supports three entity formats: Named (&amp;), Decimal (&#38;), and Hex (&#x26;). Scope options let you encode only what's needed: All Characters for full HTML safety, Text Only for body content, or Attribute Safe for attribute values (only &, <, ", '). All processing runs in your browser.
How to Use HTML Encode / Decode
- Switch between the Encode and Decode tabs depending on your task.
- In Encode mode: paste or type text containing special characters (<, >, &, quotes) into the input area.
- Click Encode or press Ctrl+Enter. The encoded result appears in the output.
- Open Advanced to choose entity format (Named, Decimal, Hex) and scope (All Characters, Text Only, Attribute Safe).
- In Decode mode: paste HTML or text with entities (e.g. &lt;div&gt;) into the input area.
- Click Decode. The decoded plain text appears. Enable Show diagnostics in Advanced to find malformed or incomplete entities.
- Click Copy to copy the result. Press Ctrl+Shift+C to copy, Esc to clear.
Tips & Best Practices
Use Attribute Safe when inserting text into HTML attribute values (e.g. title="..."); it encodes only characters that break attributes. Use Text Only for body content when you don't need to encode high Unicode. Named entities are most readable; decimal and hex work in XML and when named entities aren't available. Diagnostics help find trailing & without a semicolon or invalid numeric ranges. Never trust user input—always encode before rendering. Press Esc to clear the current tab.
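The formats, scopes and diagnostics described above, sketched in JavaScript as an added example (this is not the tool's own source code). The character sets for the text and all scopes, the function names encodeHtml and diagnoseEntities, and the sample strings are assumptions made for illustration.

```javascript
// Added example, not the tool's own source. Scope sets are an assumed reading of the page.
const NAMED = { '&': 'amp', '<': 'lt', '>': 'gt', '"': 'quot', "'": 'apos' };
const SCOPES = {
  attribute: /[&<"']/gu,              // page: only &, <, ", '
  text: /[&<>"']/gu,                  // assumption: the five markup-significant characters
  all: /[&<>"']|[^\x00-\x7F]/gu,      // assumption: those five plus every non-ASCII code point
};

function encodeHtml(input, { format = 'named', scope = 'all' } = {}) {
  if (!SCOPES[scope]) throw new RangeError(`unknown scope: ${scope}`);
  return input.replace(SCOPES[scope], (ch) => {
    const cp = ch.codePointAt(0);
    if (format === 'named' && NAMED[ch]) return `&${NAMED[ch]};`;
    // Characters without a name in NAMED fall back to a numeric reference.
    return format === 'hex' ? `&#x${cp.toString(16).toUpperCase()};` : `&#${cp};`;
  });
}

// Diagnostics: report entity-like sequences a decoder would mishandle.
function diagnoseEntities(input) {
  const issues = [];
  const re = /&(#[xX][0-9a-fA-F]+|#[0-9]+|[A-Za-z][A-Za-z0-9]*)?(;)?/g;
  for (const m of input.matchAll(re)) {
    const [whole, body, semi] = m;
    const at = m.index;
    if (!body) { issues.push({ at, problem: 'bare ampersand' }); continue; }
    if (!semi) issues.push({ at, problem: 'missing semicolon' });
    if (body[0] === '#') {
      const hex = /^#x/i.test(body);
      const cp = parseInt(body.slice(hex ? 2 : 1), hex ? 16 : 10);
      const surrogate = cp >= 0xd800 && cp <= 0xdfff;
      if (cp === 0 || cp > 0x10ffff || surrogate) {
        issues.push({ at, problem: 'invalid numeric range' });
      }
    } else if (body === 'amp' && semi &&
               /^(#[xX]?[0-9a-fA-F]+|[A-Za-z]+);/.test(input.slice(at + whole.length))) {
      issues.push({ at, problem: 'possible double encoding' });
    }
  }
  return issues;
}

// Constructed sample input: a value with quotes placed in a quoted attribute.
console.log(`<p title="${encodeHtml(`5" <wide> & 'tall'`, { scope: 'attribute' })}">`);
console.log(diagnoseEntities('&amp;lt;b&gt; &copy &#x110000; Q & A'));
```

Attribute-scope output is only safe inside a quoted attribute value. It does not make a value safe in an unquoted attribute, a URL-valued attribute such as href, or a script context.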
When to Use This Tool
Use HTML Encode when preparing user input for safe display, embedding code in documentation, or building email templates. Use Decode when fixing double-encoded text or extracting plain text from HTML with entities. For related tasks: use the Base64 encoder for encoding binary or transport (not for HTML display), the URL encode/decode for URL parameters, or the Regex tester to find or replace entities in bulk.
Frequently Asked Questions
What are HTML entities?
HTML entities encode special characters so they display correctly and don't break markup. &amp; for &, &lt; for <, &gt; for >, &quot; for ", &apos; for '. Prevents XSS and parsing errors.
What entity formats are supported?
Named (&amp;), decimal (&#38;), and hex (&#x26;) formats. Named is most readable. Decimal and hex work in all contexts including XML.
When should I encode HTML?
When inserting user input into HTML to prevent XSS. When displaying code snippets. When storing text that may contain < or & in a database for later display.
Does this tool send my data to a server?
No. Encoding and decoding run entirely in your browser. Your text never leaves your device.
What is attribute-safe scope?
Attribute-safe encodes only characters that break HTML attributes: &, <, ", '. Use when inserting text into attribute values. Text-only encodes more characters for safe display in body content.
How is this different from Base64?
HTML encoding is for safe display in HTML. Base64 encodes any data for transport. Use HTML encode for user-facing content. Use Base64 for APIs, URLs, or binary data. Try our Base64 encoder for that.