Rechner Welt
Developer

HTML Entity Encoder & Decoder

Convert between HTML special characters and their entity equivalents (&, <, >, ", named and numeric).

Last updated: April 2026 Β· Runs in your browser Β· No sign-up

Quick answer: Paste text to encode special characters, or paste entities to decode them back. Both directions in one tool.

The five must-encode characters

  • & β†’ &amp;
  • < β†’ &lt;
  • > β†’ &gt;
  • " β†’ &quot;
  • ' β†’ &#39;

In attribute values (title="..."), encoding the quote character that delimits the attribute is critical. Inside element content, < and & are the main offenders.

Frequently Asked Questions

When must I encode HTML entities?

Whenever you output user-supplied text into HTML β€” otherwise a user can inject <script> tags (XSS). At minimum, encode & < > " and ' in any dynamic content.

Named vs numeric entities β€” which should I use?

Named (&amp;) are more readable. Numeric (&#38; or &#x26;) always work, even for characters without a named equivalent. Most modern code uses named where available.

What's the difference between &nbsp; and a regular space?

&nbsp; is a non-breaking space β€” browsers won't wrap a line at it. Useful for keeping 'Mr. Smith' or '100 km' together on one line.

Does this protect against XSS?

Encoding user input before insertion into HTML is one layer of defense. Combine with Content Security Policy headers and avoid innerHTML where possible.

Related Tools