HTML Encoder Decoder - Escape & Unescape Entities

Convert special characters to HTML entities (<, &, "…) or turn entities back into readable text. Everything runs in your browser — nothing is uploaded or stored.

What HTML Encoding Does

HTML reserves characters like <, > and & for markup. To display them literally — or to safely embed user text inside a page — they must be written as entities: &lt;, &gt;, &amp;, &quot; and &#39;. Encoding is also the standard defence against HTML injection when echoing untrusted input.

Encoding vs Decoding

  • Encode — converts & < > " ' into their named entities so markup displays as text. Characters outside basic ASCII are left as-is (modern UTF-8 pages don't need them escaped).
  • Decode — converts any entity (named like &eacute;, decimal like &#233;, or hex like &#xE9;) back to its character, using the browser's own parser — so every entity a browser understands is supported.

Privacy

All conversion happens locally in your browser with JavaScript. Your text never leaves your device and disappears when you close the page.

Frequently Asked Questions

When do I need to encode HTML?
Whenever text that may contain <, >, & or quotes must be displayed inside a web page rather than interpreted as markup — code examples, user-generated content, or attribute values. Encoding is also the standard defence against HTML injection (XSS) when echoing untrusted input.
Which characters does the encoder convert?
The five HTML-reserved characters: ampersand, less-than, greater-than, double quote and apostrophe become &amp; &lt; &gt; &quot; and &#39;. Other characters are left as-is — modern UTF-8 pages do not need accented or Unicode characters escaped.
Can the decoder handle every kind of entity?
Yes. Decoding uses your browser's own HTML parser, so all named entities (&eacute;), decimal references (&#233;) and hexadecimal references (&#xE9;) are supported — anything a browser understands, this tool decodes.
Is my text sent to your server?
No. Both encoding and decoding run in JavaScript locally in your browser. Nothing is uploaded, stored, or logged.
Is HTML encoding the same as URL encoding?
No — they solve different problems. HTML encoding protects characters inside page markup. URL encoding (percent-encoding, %20 for a space) protects characters inside web addresses. Use our URL Encoder/Decoder for the latter.
Last reviewed: Reviewed by the

How this tool works: This tool runs in your browser and on our server in real time. Depending on the tool, results are computed directly from the input you provide or retrieved from live, authoritative data sources at the moment you run a lookup. We do not sell your data, and your lookups are kept private — any history shown here is stored only on your device.

Related Tools

Explore these related tools to get more insights and complete your analysis:

IP Lookup

Enter any IP address to instantly find its geographic location, ISP, hostname, and organization. Our IP lookup tool provides accurate geolocation data worldw...

DNS Lookup

Check DNS records for any domain instantly. Our free DNS lookup tool queries authoritative nameservers to show A, AAAA, MX, TXT, NS, SOA, and CNAME records.

WHOIS Lookup

Look up WHOIS data for any domain to see registration details, nameservers, registrar information, creation and expiration dates, and contact information.

SSL Certificate Checker

Check any website's SSL/TLS certificate. View expiration date, issuer, certificate chain, supported protocols, and get a security grade with recommendations.

Port Scanner

Scan any host to discover open ports and identify running services. Essential for security audits, firewall testing, and network troubleshooting.