INPUT
Plain text / HTML
OUTPUT
HTML entities
Output appears here
Paste input and click Convert// encode and decode HTML entities in one click
Encode and decode HTML entities instantly in the browser. Supports named entities, numeric decimal & hex codes, full Unicode, and special characters — free, no signup.
Output appears here
Paste input and click ConvertUse the tabs at the top to switch between encoding plain text to HTML entities, or decoding entities back to readable characters.
Select Named (&), Decimal (&), or Hex (&) output format. Enable "Encode all chars" to encode every character, not just special ones.
Click "▶ CONVERT" or type and it converts live. Copy the result or download as a .txt file. The character breakdown table shows every entity used.
HTML entities are codes that represent characters with special meaning in HTML — like <, >, &, and " — or characters outside the standard ASCII range. This tool converts between plain text and their entity equivalents in three formats: named, decimal, and hexadecimal.
An HTML entity is a string that begins with & and ends with ;, representing a character that either has special meaning in HTML (like < for the less-than sign) or that is difficult to type directly (like © for ©). Browsers replace entities with their corresponding characters when rendering the page.
You must encode characters like <, >, &, and " whenever they appear as literal content rather than HTML markup. This prevents browsers from misinterpreting content as tags, and is essential for security — unencoded user-generated content can lead to cross-site scripting (XSS) vulnerabilities.
All three refer to the same character, just in different notations. Named entities use a human-readable keyword: &. Decimal entities use the Unicode code point in base-10: &. Hex entities use the code point in base-16: &. Named entities exist only for common characters; decimal and hex work for any Unicode character.
By default, only characters with special HTML meaning or those outside ASCII are encoded. "Encode all chars" converts every character — including regular letters and digits — into their entity equivalents. The result is safe to paste into any context but much longer than necessary for typical use.
Yes. All encoding and decoding happens entirely in your browser — no text is sent to any server. Your content never leaves your machine. The tool works offline once the page is loaded.
Yes. Switch to Decode mode and paste any HTML containing entities — the tool will decode all of them simultaneously, regardless of whether they are named, decimal, or hex format. Mixed formats in the same input are handled correctly.
HTML entities are the backbone of safe and portable HTML content. Whenever a character might be interpreted as HTML markup rather than plain text — or when a character falls outside the standard keyboard range — entities provide an unambiguous, universally supported way to represent it.
Five characters absolutely must be encoded in HTML content: & (&), < (<), > (>), " ("), and ' ('). Leaving any of these unencoded in content (as opposed to markup) risks broken rendering or, in the case of user-generated content, XSS attacks. Every server-side template engine and front-end framework auto-escapes these by default for exactly this reason.
Named entities like , ©, and — only exist for a subset of HTML5-defined characters. Numeric entities — decimal (©) or hex (©) — work for any Unicode code point, making them the universal fallback for characters with no named equivalent. Both forms are supported in all major browsers and XML parsers.
Cross-site scripting (XSS) attacks inject malicious scripts through unescaped HTML. If a user submits <script>alert(1)</script> and your application renders it without encoding, the browser executes the script. Encoding the input to <script> renders it as visible text rather than executable code. This tool helps you verify your encoding is correct, test edge cases, and quickly escape HTML for safe inclusion in articles, documentation, and emails.