HTML Entity Encoder / Decoder
Encode special characters into HTML entities or decode entities back to readable text. Supports named, decimal, and hex formats with real-time conversion.
About HTML Entities
HTML entities are special sequences of characters used to represent reserved or invisible characters in HTML documents. Since characters like <, >, &, and " have structural meaning in HTML markup, they cannot appear literally in page content without being misinterpreted by the browser's parser. HTML entities solve this by providing escape sequences, either named references like &amp; or numeric references like &#38;, that the browser renders as the intended character without breaking the document structure. This tool lets you convert between plain text and all three entity formats: named, decimal, and hexadecimal.
Preventing XSS Attacks with HTML Encoding
Cross-site scripting (XSS) is one of the most prevalent web security vulnerabilities, and proper HTML entity encoding is a critical defense against it. When user-supplied input is inserted into an HTML page without encoding, an attacker can inject malicious <script> tags or event handler attributes that execute arbitrary JavaScript in the victim's browser. By encoding all user input (converting < to &lt;, > to &gt;, " to &quot;, and & to &amp; at minimum), you ensure that injected code is rendered as harmless text rather than executed as markup. Every web framework provides built-in encoding functions, and you should use them for all untrusted output contexts.
Named vs. Numeric vs. Hex Entities
HTML supports three formats for character references. Named entities like &copy; are human-readable and easy to remember, but only about 250 characters have named references defined in the HTML specification. Decimal numeric entities like &#169; use the character's Unicode code point in base 10 and can represent any Unicode character. Hexadecimal entities like &#xA9; work the same way but use base 16, which aligns directly with how Unicode code points are conventionally written. Decimal and hex entities are functionally identical in terms of browser support; the choice is mostly stylistic. Named entities are generally preferred for common characters (better readability), while numeric forms are necessary for characters without named references.
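The minimum encoding set from the XSS section and the three reference formats described above, as an added JavaScript example (not this tool's own code). The names encodeEntities and decodeEntities, the constructed sample input, and the decision to also encode the single quote are assumptions of this example.

```javascript
// Added example. NAMED, encodeEntities and decodeEntities are illustrative names.
// The four characters the page lists as the minimum set to encode.
const NAMED = new Map([['&', '&amp;'], ['<', '&lt;'], ['>', '&gt;'], ['"', '&quot;']]);
const BY_NAME = new Map([...NAMED].map(([ch, ent]) => [ent, ch]));

// Encode text for an HTML body or quoted-attribute context.
// format is 'named', 'decimal' or 'hex'.
function encodeEntities(text, format = 'named') {
  let out = '';
  // for...of walks code points, so an emoji becomes one reference
  // rather than two surrogate halves.
  for (const ch of String(text)) {
    const cp = ch.codePointAt(0);
    // The single quote is added to the page's set (assumption: values may
    // land in single-quoted attributes); it has no entry in NAMED.
    const special = NAMED.has(ch) || ch === "'" || cp >= 0x80;
    if (!special) out += ch;
    else if (format === 'named' && NAMED.has(ch)) out += NAMED.get(ch);
    else if (format === 'hex') out += '&#x' + cp.toString(16).toUpperCase() + ';';
    else out += '&#' + cp + ';'; // decimal, and the fallback for 'named'
  }
  return out;
}

// Decode in a single pass so "&amp;lt;" yields "&lt;", not "<".
function decodeEntities(html) {
  return String(html).replace(/&(#x[0-9a-f]+|#\d+|[a-z]+);/gi, (match, body) => {
    if (body[0] !== '#') return BY_NAME.get(match) ?? match; // unknown names stay as-is
    const hex = body[1] === 'x' || body[1] === 'X';
    const cp = parseInt(body.slice(hex ? 2 : 1), hex ? 16 : 10);
    return cp > 0 && cp <= 0x10FFFF ? String.fromCodePoint(cp) : match;
  });
}

// Constructed sample of untrusted input.
const untrusted = '<script>alert("x")</script> it\'s © 😀';
console.log(encodeEntities(untrusted));            // named where a name exists
console.log(encodeEntities(untrusted, 'decimal'));
console.log(encodeEntities(untrusted, 'hex'));
console.log(decodeEntities(encodeEntities(untrusted, 'hex')) === untrusted);
```

This encoding fits HTML body text and quoted attribute values; output placed inside script blocks, URLs or CSS needs the encoder for that context instead.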
When to Use HTML Entities
Beyond security, HTML entities are essential in several scenarios. Displaying code examples in blog posts or documentation requires encoding all angle brackets and ampersands so they appear as text rather than being parsed as HTML. Inserting non-breaking spaces (&nbsp;) prevents line breaks in specific locations. Typographic characters like em dashes (—), curly quotes (“/”), and ellipses (…) improve visual quality on pages that need precise typography. Mathematical symbols, currency signs, and arrows that aren't on standard keyboards can all be inserted via entities. This tool's reference table below provides a quick lookup for the most commonly needed HTML entities across all these categories.