HTML entity encoder and HTML entity decoder online
Encode and decode HTML entities for markup, attributes and text.
Examples
Input
<a href="x">Tom & Jerry</a>
Encoded
&lt;a href=&quot;x&quot;&gt;Tom &amp; Jerry&lt;/a&gt;
HTML Guides & articles
Why HTML Entities Exist
HTML entities let documents represent characters that would otherwise be mistaken for markup, but correct escaping depends on context.
Preventing XSS With Contextual Output Encoding
Cross-site scripting prevention depends on keeping untrusted data out of executable contexts and encoding for the exact place where data is inserted.
HTML Encoding, Decoding, and Data Quality
Entity bugs often reveal unclear ownership between storage, APIs, editors, and templates. A consistent data model prevents double encoding and corrupted text.
HTML entity encoder and decoder
Encode and decode HTML entities for markup, attributes and text. DevToolGrid Online offers a free HTML entity encoder and HTML entity decoder online.
What are HTML entities?
HTML entities are codes such as &amp;amp;, &amp;lt; and &amp;gt; that represent characters which would otherwise be treated as markup or are hard to type. Encoding text into entities is essential for displaying user content safely and preventing cross-site scripting (XSS); decoding turns entities back into the original characters.
How to encode or decode HTML entities
1. Paste text or markup into the input panel.
2. Choose named, decimal or hexadecimal entities, and special-only or all non-ASCII.
3. Click Encode to escape, Decode to unescape, or Strip tags to get plain text.
4. Beautify or minify markup, and use the sandboxed preview to see the result render.
Common HTML escaping mistakes
- Not escaping user input: Inserting raw user text into a page enables XSS. Always encode &, <, > and quotes before output.
- Escaping in the wrong context: Attribute values, text nodes and URLs need different escaping. Quotes especially matter inside attributes.
- Double encoding: Encoding already-escaped text turns &amp;amp; into &amp;amp;amp;. Encode each value once for the right context.
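The quoting and double-encoding mistakes above, shown as an added JavaScript example (not DevToolGrid's own code). The function names and the `format` / `allNonAscii` options are assumptions modelled on the tool's named, decimal, hexadecimal and all-non-ASCII choices; the encoder covers text nodes and quoted attribute values only, not URLs.

```javascript
// Added example, not the tool's code. Only & < > " have names here;
// the single quote and non-ASCII characters fall back to numeric entities.
const NAMED = { '&': 'amp', '<': 'lt', '>': 'gt', '"': 'quot' };
const BY_NAME = { amp: '&', lt: '<', gt: '>', quot: '"' };
const SPECIAL = new Set(['&', '<', '>', '"', "'"]);

// format: 'named' | 'decimal' | 'hex'. allNonAscii also encodes code points > 0x7F.
function encodeEntities(text, { format = 'named', allNonAscii = false } = {}) {
  let out = '';
  for (const ch of text) { // iterates by code point, so astral characters stay whole
    const cp = ch.codePointAt(0);
    if (!SPECIAL.has(ch) && !(allNonAscii && cp > 0x7f)) {
      out += ch;
    } else if (format === 'named' && NAMED[ch]) {
      out += `&${NAMED[ch]};`;
    } else if (format === 'hex') {
      out += `&#x${cp.toString(16).toUpperCase()};`;
    } else {
      out += `&#${cp};`; // decimal, also the fallback when no name is defined above
    }
  }
  return out;
}

// Decodes exactly one level: "&amp;lt;" becomes "&lt;", not "<".
function decodeEntities(text) {
  return text.replace(/&(?:#[xX]([0-9a-fA-F]+)|#([0-9]+)|(amp|lt|gt|quot));/g,
    (match, hex, dec, name) => {
      if (name) return BY_NAME[name];
      const cp = hex ? parseInt(hex, 16) : parseInt(dec, 10);
      return cp <= 0x10ffff ? String.fromCodePoint(cp) : match; // leave invalid refs as-is
    });
}

// Heuristic: an escaped ampersand directly followed by an entity body
// usually means the value was encoded twice somewhere upstream.
function looksDoubleEncoded(text) {
  return /&amp;(?:#[xX]?[0-9a-fA-F]+|[a-zA-Z][a-zA-Z0-9]*);/.test(text);
}

const once = encodeEntities('Tom & Jerry');   // encoded once, at output
const twice = encodeEntities(once);           // the double-encoding mistake
console.log(once, '|', twice, '|', looksDoubleEncoded(twice));
```

Running `looksDoubleEncoded` over stored values is a quick way to find where a pipeline encodes at both storage and render time.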
HTML encoder vs decoder
An HTML encoder converts characters into entities so text is safe to place in markup — it is the step that prevents XSS. An HTML decoder does the reverse, turning entities back into readable characters, which is useful when inspecting scraped or stored content. This tool does both, plus tag stripping, beautify and minify.
FAQ
Is this tool free?
Yes. The HTML entity encoder and decoder are completely free with no limits.
Is my data sent to a server?
No. Encoding, decoding and the preview run locally in your browser; nothing is uploaded.
Does encoding prevent XSS?
Encoding output for the correct context is a key defence against XSS, though a full strategy also uses a content security policy and validation.
What is the difference between named and numeric entities?
Named entities like &amp;amp; are readable; numeric ones like &amp;#38; or &amp;#x26; work for any character, even without a defined name.