HTML Entity Encode / Decode

Encode HTML special characters (<, &, ", ', >) as named or numeric entities, or decode them back to plain text. Auto-detects direction.

Example: <p>Hello & world</p> → &lt;p&gt;Hello &amp; world&lt;/p&gt;

HTML entity encoding replaces special characters that would otherwise be interpreted as HTML markup. < becomes &lt;, & becomes &amp;, and so on. This is required when displaying user-generated content as plain text inside a web page — without it, you've got an XSS vulnerability.

The tool auto-detects: if the input contains entity references, it decodes; otherwise it encodes.

How the encoding works

The tool scans each character in the input string and maps it to its corresponding HTML entity as defined in the HTML5 specification. For the five predefined character references — & (&amp;), < (&lt;), > (&gt;), " (&quot;), and ' (&apos;) — it uses named entities. For other characters, it falls back to numeric character references: decimal (&#codepoint;) or hexadecimal (&#xcodepoint;). The auto-detect logic examines the input for the presence of &; if found, it assumes the input is entity-encoded and attempts to decode by parsing each entity token and converting it back to its Unicode code point. Encoding always favors named entities for the five special characters; for all others, it uses the character's numeric Unicode code point.

How to use this encoder

  1. Type or paste the text you want to encode or decode into the input box.
  2. Click the 'Encode' button to convert special characters to HTML entities.
  3. Click the 'Decode' button to convert HTML entities back to plain text.
  4. Copy the result from the output box and use it in your HTML or application.

Edge cases worth knowing

  • Non‑ASCII characters: Characters like © or ® are encoded as their numeric entity (e.g., &#169;) since they have no named entity.
  • Double encoding: If the input already contains &amp; and you encode again, it becomes &amp;amp;. The tool does not prevent this; you must ensure the input is raw text.
  • Invalid entities: Decoding treats malformed entities like &unknown; as literal text, leaving them unchanged.
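
The behaviour described under "How the encoding works" and the edge cases above, as an added JavaScript example (not the tool's own source; every function name here is hypothetical). It also shows why the direction guess is unsafe for untrusted input: text that mixes an entity with a raw < is decoded rather than encoded.

```javascript
// Added example, not the tool's source; all names are hypothetical.
const NAMED = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&apos;' };
const NAMED_REVERSE = Object.fromEntries(
  Object.entries(NAMED).map(([ch, entity]) => [entity, ch]));
// One entity token: decimal, hexadecimal, or a name, each ending in ';'.
const ENTITY = /&(?:#(\d+)|#[xX]([0-9a-fA-F]+)|[A-Za-z][A-Za-z0-9]*);/g;

// Named entities for the five special characters, numeric references
// for anything above printable ASCII, everything else unchanged.
function encodeEntities(text) {
  let out = '';
  for (const ch of text) {           // iterates by code point, not UTF-16 unit
    const cp = ch.codePointAt(0);
    out += NAMED[ch] ?? (cp > 0x7e ? `&#${cp};` : ch);
  }
  return out;
}

// Single pass: each token is decoded once, so "&amp;lt;" yields "&lt;".
function decodeEntities(text) {
  return text.replace(ENTITY, (token, dec, hex) => {
    if (dec === undefined && hex === undefined) {
      return NAMED_REVERSE[token] ?? token;     // &unknown; stays literal
    }
    const cp = dec !== undefined ? parseInt(dec, 10) : parseInt(hex, 16);
    const valid = cp > 0 && cp <= 0x10ffff && !(cp >= 0xd800 && cp <= 0xdfff);
    return valid ? String.fromCodePoint(cp) : token;  // bad code point stays literal
  });
}

// Direction guess as described on this page: any entity token means "decode".
function autoConvert(text) {
  return text.search(ENTITY) !== -1 ? decodeEntities(text) : encodeEntities(text);
}

// Constructed inputs covering the edge cases above.
const samples = ['<p>Hello & world</p>', '© 2024', '&#169; &unknown; &#xD800;'];
for (const s of samples) console.log(JSON.stringify(s), '->', JSON.stringify(autoConvert(s)));
// Encoding twice double-encodes; one decode only undoes one layer.
console.log(encodeEntities(encodeEntities('a & b')));
// Mixed input: the guess picks "decode", so the raw "<" is never encoded.
console.log(autoConvert('Use &lt; for <'));
```

When the output is going into a page, call the encoder explicitly instead of relying on the direction guess.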

Encoding pro tips

  • Always decode before editing raw text to avoid accidentally inserting visible entity codes.
  • Use numeric entities (e.g., &#x222B;) for unusual symbols that lack named entities.
  • When embedding user input in HTML, encode only the five dangerous characters to prevent XSS.
  • Test double‑encoding by pasting encoded output back; it should decode to the original plain text.

vs other encoders

Manual find‑replace and language‑specific libraries offer alternative ways to handle HTML entity encoding.

| | This tool | Python html module | Notepad++ find & replace |
|---|---|---|---|
| Ease of use | No installation, works in browser instantly | Requires Python script and shell | Requires launching editor, multi‑step regex |
| Character coverage | Full Unicode via numeric entities | Full Unicode via html.escape/unescape | Only explicit replacements, not automatic |
| Batch processing | Single string at a time | Can process files programmatically | Manual per‑document, no automation |

A bit of history

HTML entities originate from SGML, the parent standard of HTML. The five basic entities — &lt;, &gt;, &amp;, &quot;, and &apos; — were formalized in RFC 1866 (HTML 2.0, 1995) by Tim Berners‑Lee and Dan Connolly. Numeric character references, based on Unicode code points, were later incorporated in HTML 4.0 (1997) to support international characters. The tool automates the encoding/decoding that developers previously performed manually or via server‑side functions.

When to use this encoding

Displaying code samples on a webpage

If you want to show <div> as text rather than render it, encode the angle brackets first.

Sanitising user input

Before inserting user-typed content into the DOM, entity-encode to prevent script injection. Modern frameworks do this automatically; raw HTML strings need manual escaping.

Reading raw API responses

Some APIs return entity-encoded HTML in JSON values. Decoding makes them human-readable.

Sharing URLs with ampersands in chat

Some chat tools render & in URLs as broken entities. Encoding the share URL once before pasting fixes that edge case.

Embedding HTML inside attributes

Rich tooltips and data-attributes that hold HTML need their content entity-encoded so the outer parser doesn't get confused.
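
Manual escaping of a raw HTML string, for the "Sanitising user input" and "Embedding HTML inside attributes" cases above, as an added JavaScript example (not code from this page; safeHtml and the render functions are hypothetical names). It shows the unescaped concatenation beside a tagged template that encodes every interpolated value, and assumes the values land only in element content or double-quoted attribute values.

```javascript
// Added example, not code from this page; all names are hypothetical.
const ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&apos;' };

function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, ch => ESCAPES[ch]);
}

// Tagged template: the literal parts are markup the developer wrote,
// every interpolated value is entity-encoded before being joined in.
// Only valid for element content and quoted attribute values; unquoted
// attributes, URLs and <script>/<style> bodies need their own handling.
function safeHtml(strings, ...values) {
  return strings.reduce(
    (out, part, i) => out + part + (i < values.length ? escapeHtml(values[i]) : ''), '');
}

// Before: raw concatenation, user text reaches the parser as markup.
function renderCommentUnsafe(author, body) {
  return '<div class="comment" title="' + author + '">' + body + '</div>';
}

// After: same template, interpolations encoded.
function renderComment(author, body) {
  return safeHtml`<div class="comment" title="${author}">${body}</div>`;
}

// HTML stored in a data attribute: encoded once on the way in; the browser
// decodes the attribute value, so dataset.tooltip returns the original HTML.
function renderTooltipTarget(label, tooltipHtml) {
  return safeHtml`<span data-tooltip="${tooltipHtml}">${label}</span>`;
}

// Constructed sample input.
const author = 'Ann" class="x';
const body = '<script>alert(1)</script>';
console.log(renderCommentUnsafe(author, body));
console.log(renderComment(author, body));
console.log(renderTooltipTarget('Help', '<b>Bold</b> & "quoted"'));
```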

Encoding FAQ

What's the difference between named and numeric entities?

Named: &lt;, &amp;, &quot;. Numeric: &#60;, &#38;, &#34;. Both work; named are more readable, numeric work for any character including ones without a named entity.

Does it encode every special character?

The five must-encode HTML chars: <, >, &, ", '. Other characters (em dash, copyright) are passed through unchanged — modern HTML handles them as UTF-8.

How does decoding work?

The tool uses the browser's own HTML parser via a hidden textarea. Whatever the browser decodes is what you get — guaranteed correct for any valid entity reference.

Is this the same as URL encoding?

No — different escape sets. URL encoding uses %xx hex; HTML entity encoding uses &name; or &#nn;. Use URL encoding for URL components; HTML encoding for HTML content.
