Which HTML characters need to be encoded?

At minimum: , &, ", and '. Encoding these prevents your text from being interpreted as HTML markup and avoids cross-site scripting (XSS) when displaying user input.

What is the difference between < and <?

Both decode to the same "<" character. Named entities (<) are easier to read, while numeric entities (<) work universally even when the parser does not know the named entity.

When should I use this instead of just escaping?

Use it whenever you need to embed raw HTML inside another HTML document, blog post, code snippet, JSON payload, or email template. Decoding is helpful when you receive entity-encoded HTML from an API or CMS export.

Does the tool run in my browser?

Yes — encoding and decoding both happen entirely client-side. Nothing leaves your browser.

HTML Encoder / Decoder

Key Features

Encode HTML special characters

Decode HTML entities back to text

Encode non-ASCII as numeric entities

Round-trip safe

Copy and download output

Import from URL or file

Theme switcher

Fullscreen editor mode

Free Online HTML Encoder and Decoder

Convert HTML special characters into safe entities — or decode them back to plain text — with our online HTML encoder and decoder. Whether you need to display raw HTML inside a blog post, escape user input to prevent XSS, or read entity-encoded markup from an API response, this tool handles it instantly in your browser.

Why HTML encoding matters

Browsers interpret characters like <, >, &, and quotes as part of HTML markup. To display them as literal text, they must be replaced with named or numeric entities (<, >, &, etc.). Failing to encode these characters when rendering user input is the foundation of cross-site scripting (XSS) — one of the most common web vulnerabilities.

Three encoding modes

Basic: Encodes only the five structural HTML characters (<, >, &, ", '). Fast, minimal output, ideal for inline escaping.
All non-ASCII as numeric: Basic encoding plus numeric entities (&#nnnn;) for every character above the 7-bit ASCII range. Useful for emails or systems with strict character-set requirements.
All named entities: Basic encoding plus a curated list of common named entities like  , ©, —, and currency symbols.

Common use cases

Display HTML examples inside blog posts or documentation
Safely store user-submitted content in a database before rendering
Decode entity-encoded HTML received from an XML feed or CMS export
Convert characters for email subject lines or query strings

Pair with related tools

After encoding, use the HTML editor to preview the result, or the HTML beautifier to format the surrounding markup. To go back the other way — from HTML to plain text — try the HTML to Markdown converter.

Privacy

All encoding and decoding happens entirely in your browser using the built-in DOMParser for decoding and a custom encoder for output. Nothing is uploaded to a server.