Processed in your browser. Your data never leaves your device.

HTML Entity Encoder Online

Q: Which characters need to be HTML-encoded?

At minimum, you should encode the five characters with special meaning in HTML: (>), & (&), " ("), and ' ('). Additionally, non-ASCII characters like © and é can be encoded for maximum compatibility.

Encode special characters into HTML entities instantly in your browser. This free tool converts characters like <, >, and & into their safe HTML equivalents client-side.

← Back to tools

HTML Entity Encoder & Decoder

Encode special characters as HTML entities or decode entities back to text. Fast, private, and free.

Encode mode:

Only encodes & < > " ' (safe for HTML content)

Common HTML Entities

Character	Named	Numeric	Description
&	`&`	`&`	Ampersand
<	`<`	`<`	Less than
>	`>`	`>`	Greater than
"	`"`	`"`	Double quote
'	`'`	`'`	Single quote
␣	` `	` `	Non-breaking space
©	`©`	`©`	Copyright
®	`®`	`®`	Registered trademark
™	`™`	`™`	Trademark
€	`€`	`€`	Euro sign
£	`£`	`£`	Pound sign
—	`—`	`—`	Em dash
–	`–`	`–`	En dash
…	`…`	`…`	Ellipsis
°	`°`	`°`	Degree
×	`×`	`×`	Multiply
÷	`÷`	`÷`	Divide
→	`→`	`→`	Right arrow

Quick Reference

Minimal mode encodes only the 5 characters that are special in HTML/XML: & < > " '. Use this when your text contains HTML tags or attributes.

All Characters mode also encodes every non-ASCII character (accented letters, symbols, emoji) using named entities where available, or numeric codes. Use this when you need pure ASCII output.

Decoding recognizes named entities (&), decimal codes (©), and hex codes (©).

What are HTML entities?

HTML entities are special codes used to represent characters that have reserved meaning in HTML or that cannot be easily typed on a keyboard. For example, the less-than sign (<) is written as < and the ampersand (&) is written as &. Entities can use named references (like © for ©) or numeric references (like ©).

Why encode HTML entities?

Encoding HTML entities is essential for preventing XSS (cross-site scripting) vulnerabilities in web applications, displaying code snippets on web pages without the browser interpreting them as markup, correctly rendering special characters and symbols in HTML documents, and ensuring that user-generated content is safe to display.

// JavaScript — encode HTML entities
function encodeHtml(str) {
  return str
    .replace(/&/g, '&amp;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;')
    .replace(/"/g, '&quot;')
    .replace(/'/g, '&#39;');
}
encodeHtml('<script>alert(1)</script>');
// '&lt;script&gt;alert(1)&lt;/script&gt;'

# Python — encode HTML entities
import html
html.escape('<script>alert(1)</script>')
# '&lt;script&gt;alert(1)&lt;/script&gt;'

Frequently Asked Questions

Which characters need to be HTML-encoded?

At minimum, you should encode the five characters with special meaning in HTML: < (<), > (>), & (&), " ("), and ' ('). Additionally, non-ASCII characters like © and é can be encoded for maximum compatibility.

Does HTML entity encoding prevent XSS attacks?

Encoding the key characters (<, >, &, ", ') is a critical part of XSS prevention. It stops browsers from interpreting user input as executable HTML or JavaScript. However, complete XSS protection requires encoding in the right context and using a Content Security Policy.

Related Convert Tools

XML

JSON ↔ XML Converter

Convert JSON to XML and XML to JSON instantly — handles nested objects, arrays, attributes, CDATA sections, and XML declarations

px→

CSS Unit Converter

Convert between px, rem, em, pt, vw, vh, and % — single values or batch-convert entire CSS files with configurable base font size

B64

Base64 Codec

Encode and decode Base64 strings with Unicode support

CLR

Color Converter

Convert colors between HEX, RGB, and HSL formats