Sponsored
Ad slot is loading...
display harmlessly as text. Use server-side encoding libraries or client-side sanitization before rendering."}},{"@type":"Question","name":"What characters must be encoded in HTML?","acceptedAnswer":{"@type":"Answer","text":"Required: < (less than), > (greater than), & (ampersand) - these have special HTML meaning. In attributes: \" (double quote), ' (single quote) must be encoded. Optional: symbols like ©, €, non-ASCII characters. Encode reserved chars always; symbols only if needed for display."}}]}

HTML Entity Encoder & Decoder

Encode HTML special characters to entities, decode entities back to characters. Prevent XSS, display symbols, sanitize user input.

Encoded Result

&amp;lt;script&amp;gt;alert(&quot;Hello&quot;)&amp;lt;/script&amp;gt;

Quick Examples

Common HTML Entities

<&lt;
>&gt;
&&amp;
"&quot;
'&#39;
©&copy;
®&reg;
&euro;
£&pound;
¥&yen;
¢&cent;
°&deg;

Entity Formats

Named Entities
& Ampersand
< Less than
> Greater than
© Copyright
Numeric Entities
< Decimal code
< Hex code
€ Emoji support
😀 Hex emoji
Why Encode?
Prevent XSS attacks
Display in HTML context
Sanitize user input
Show code examples

Security Note

Encoding HTML entities prevents XSS by making <script> display as text instead of executing.
Always encode user input before displaying in HTML.
Use Content Security Policy (CSP) for additional protection.
Sponsored
Ad slot is loading...