HTML Entity Encoder & Decoder

Encode and decode HTML entities — named like & and ©, numeric like €, hex like €. Live preview. All in your browser.

Runs in your browser — nothing uploaded

Escapes only the five characters that break HTML: & < > " '. Use this for content going into HTML markup.

Plain text

HTML-encoded output

Encoded HTML appears here

Type or paste text above to HTML-encode it.

Use this free HTML entity encoder and decoder to convert characters to and from entity references — named like ©, decimal like €, or hex like €. Three encode modes give you control over how much to escape, and decoding handles every entity your browser understands.

Private by design — your data never leaves your device

How to use it

No account, no upload — it all happens on your device.

Pick Encode or Decode at the top.

In Encode mode, choose the scope: Basic (the 5 unsafe chars), Basic + non-ASCII as numeric, or Named entities where available.

Type or paste your input on the left — the result appears instantly on the right.

Click Copy to grab the output, or Swap to flip the result back into the input and reverse the mode.

The five characters you must always escape

Forgetting any one of these is how XSS happens.

Character	Entity	Why
&	&	Starts every other entity. Always escape first.
<	<	Opens a tag. Unescaped means injected markup.
>	>	Closes a tag. Pairs with < for safe HTML.
"	"	Closes attribute values.
'	' (or ')	Closes single-quoted attributes.

When you'd reach for each encode mode

The three modes solve three different problems.

Basic. The minimum for safe HTML. Use this when you control the encoding and rendering, and your storage is already UTF-8 end-to-end. Cleanest, smallest output.
Basic + non-ASCII (numeric). Same as Basic but every non-ASCII character becomes &#nnn;. Use this when the file has to be 7-bit clean — old SMTP relays, ASCII-only databases, certain legacy CMSes.
Named entities + numeric. Replaces characters with their named entity where one exists (©, —, €), numeric for everything else. More readable in source, but slightly larger and only useful when humans are reading the HTML.

Common named entities

The shortcuts you'll see most often in real HTML.

Character	Named entity	Numeric
©	©	©
®	®	®
™	™	™
€	€	€
£	£	£
¥	¥	¥
—	—	—
–	–	–
“ ”	“ ”	“ ”
‘ ’	‘ ’	‘ ’
…	…	…
•	•	•
→	→	→
nbsp

Privacy

Encoding and decoding both run in your browser. Encoding uses plain string replacement; decoding uses the browser's built-in HTML parser, which understands every entity it would in a real page. Nothing is uploaded, nothing is logged.

Frequently asked

What characters always need to be HTML-encoded?

The five that change the meaning of HTML: ampersand (&), less-than (<), greater-than (>), double-quote ("), and single-quote ('). Encoding any of these in user-supplied content prevents XSS and keeps your markup valid. The Basic mode does exactly that.

What's the difference between named and numeric entities?

Named entities are readable shortcuts the HTML spec defines, like © for ©, — for —, and € for €. Numeric entities reference the codepoint directly — decimal (€) or hex (€). Numeric entities work for every Unicode character; named entities only exist for a fixed set. Both render identically.

Why decode HTML at all — isn't the browser already doing that?

The browser decodes HTML when rendering a page. You still need to decode by hand when entities show up inside data — RSS feeds, scraped strings, CMS exports, JSON payloads, log files. Pasting Fish & chips €5 here gives you back Fish & chips €5.