HTML Entity Encoder & Decoder
Convert between HTML special characters and their entity equivalents (&amp;, &lt;, &gt;, &quot;, named and numeric).
Last updated: April 2026 · Runs in your browser · No sign-up
The five must-encode characters
& → &amp;
< → &lt;
> → &gt;
" → &quot;
' → &#39;
In attribute values (title="..."), encoding the quote character that delimits the attribute is critical. Inside element content, < and & are the main offenders.
Frequently Asked Questions
When must I encode HTML entities?
Whenever you output user-supplied text into HTML. Otherwise a user can inject <script> tags (XSS). At minimum, encode & < > " and ' in any dynamic content.
Named vs numeric entities: which should I use?
Named (&amp;) are more readable. Numeric (&#38; or &#x26;) always work, even for characters without a named equivalent. Most modern code uses named where available.
What's the difference between &nbsp; and a regular space?
&nbsp; is a non-breaking space: browsers won't wrap a line at it. Useful for keeping 'Mr. Smith' or '100 km' together on one line.
Does this protect against XSS?
Encoding user input before insertion into HTML is one layer of defense. Combine with Content Security Policy headers and avoid innerHTML where possible.