Skip to content
1001 Tools
sr
Developer tools

HTML Entity Encoder and Decoder

Switch between encoding and decoding HTML entities. Encoding makes text safe to drop into HTML by escaping the characters that would otherwise be read as markup; decoding turns entities like &, é or A back into real characters. It all happens in your browser.

Encoded HTML

How it works

Encoding always escapes the five characters that break markup or enable injection: & becomes &amp;, < becomes &lt;, > becomes &gt;, the double quote becomes &quot;, and the apostrophe becomes &#39;. Everything else is left as readable text, so accented letters stay legible — unless you tick the non-ASCII option, which converts every character above code point 127 into a numeric reference like &#233;.

Decoding recognises three forms: named references from a common set (&amp;, &copy;, &mdash; and dozens more), decimal references such as &#233;, and hex references such as &#x41;. Anything it doesn’t recognise — a misspelled name, or an ampersand with no semicolon — is left exactly as-is, so it never mangles text that only looks like an entity.

Practical examples

Showing code in a page

To display <a href="x"> as text rather than a link, encode it to &lt;a href=&quot;x&quot;&gt; and paste that into your HTML — the browser now prints the tag instead of rendering it.

Cleaning up a scraped string

A copied snippet reads Tom &amp; Jerry &mdash; best friends. Decode it and you get Tom & Jerry — best friends, ready for a plain-text field.

Forcing ASCII-safe output

With the non-ASCII option on, “Beograd — čaj” becomes Beograd &#8212; &#269;aj, which survives systems that only accept 7-bit ASCII.

Frequently asked questions

Which characters get escaped when encoding?

The five that matter for safe HTML: &, <, >, the double quote and the apostrophe. These are the ones that can prematurely close a tag or attribute, so escaping them is what prevents broken markup and injection.

Why is the apostrophe encoded as &#39; and not &apos;?

&apos; isn’t defined in older HTML4 and can fail in some contexts, whereas the numeric &#39; works everywhere. Decoding still understands &apos; if you paste it in.

What does the non-ASCII option do?

It converts every character above code point 127 — accented letters, symbols, emoji — into a numeric entity like &#233;. Use it when a target system only accepts plain ASCII. Leave it off to keep text readable.

Which named entities can it decode?

A practical set of the common ones: the markup basics plus things like &copy;, &reg;, &trade;, &mdash;, &euro;, &pound;, arrows and fractions. Any character can also be decoded via its decimal or hex reference, which covers everything else.

What happens to entities it doesn’t know?

They’re left untouched. A made-up name like &notreal; or a bare &amp with no semicolon stays exactly as typed, so decoding never corrupts text that merely resembles an entity.

Does it handle emoji and other astral characters?

Yes. Encoding iterates by code point, so an emoji becomes a single reference like &#128512;, and decoding that reference restores the emoji correctly rather than producing broken halves.

Is encoding the same as URL encoding?

No. HTML entity encoding makes text safe inside HTML documents; URL encoding (percent-encoding) makes text safe inside URLs. For links, use our URL encoder instead.

Is my text uploaded?

No. Encoding and decoding run entirely in your browser, so nothing you paste is sent anywhere.

Related tools