HTML Encoder/Decoder
Convert special characters to HTML entities to prevent XSS attacks
Common HTML Entities Reference
| Character | Named Entity | Decimal | Hexadecimal | Description |
|---|---|---|---|---|
| < | `&lt;` | `&#60;` | `&#x3C;` | Less than sign (tag start) |
| > | `&gt;` | `&#62;` | `&#x3E;` | Greater than sign (tag end) |
| & | `&amp;` | `&#38;` | `&#x26;` | Ampersand (entity start) |
| " | `&quot;` | `&#34;` | `&#x22;` | Double quotation mark |
| ' | `&apos;` | `&#39;` | `&#x27;` | Single quote/apostrophe |
|   | `&nbsp;` | `&#160;` | `&#xA0;` | Non-breaking space |
| © | `&copy;` | `&#169;` | `&#xA9;` | Copyright symbol |
| ® | `&reg;` | `&#174;` | `&#xAE;` | Registered trademark symbol |
| ™ | `&trade;` | `&#8482;` | `&#x2122;` | Trademark symbol |
About HTML Encoding
HTML encoding is the process of converting special characters to HTML entities. Certain characters have special meaning in HTML (like < and >), and using them directly could break page structure or cause security issues.
When these characters are converted to their corresponding HTML entities, browsers display them correctly without interpreting them as HTML markup. This is an important security measure in web development to prevent XSS (Cross-Site Scripting) attacks.
Security Note: Always HTML-encode user input before displaying it on a web page. This is a fundamental security measure to prevent XSS attacks.
Common Use Cases
- Preventing XSS (Cross-Site Scripting) attacks
- Displaying special characters and symbols in HTML
- Safely including quotes in attribute values
- Displaying HTML code examples without executing them
- Processing user input containing special characters
Entity Types Explained
Named Entities
Use easy-to-remember names and are the most readable form, but not all characters have a named entity
&lt; &gt; &amp;
Decimal Entities
Use the character's Unicode code point in decimal and work for all characters
&#60; &#62; &#38;
Hexadecimal Entities
Use the character's Unicode code point in hexadecimal, consistent with CSS and JavaScript
&#x3C; &#x3E; &#x26;
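The three entity forms above, as an added example that is not this tool's own code: an encoder that emits named, decimal or hexadecimal entities for the five markup-significant characters, and a decoder that accepts all three forms. The names `encodeHtml`, `decodeHtml` and `SAMPLE` are assumptions made for the example, and the decoder only knows the named entities listed in the reference table.

```javascript
// Added example; function names are illustrative, not from the page.
// Named entities from the reference table (character -> entity name).
const NAMED = { '<': 'lt', '>': 'gt', '&': 'amp', '"': 'quot', "'": 'apos',
                '\u00A0': 'nbsp', '\u00A9': 'copy', '\u00AE': 'reg', '\u2122': 'trade' };
const BY_NAME = new Map(Object.entries(NAMED).map(([ch, name]) => [name, ch]));

// Encode the five markup-significant characters. '&' must be encoded too,
// otherwise entity-like text already in the input would be interpreted.
function encodeHtml(text, form = 'named') {
  return String(text).replace(/[<>&"']/g, (ch) => {
    const cp = ch.codePointAt(0);
    if (form === 'decimal') return `&#${cp};`;
    if (form === 'hex') return `&#x${cp.toString(16).toUpperCase()};`;
    return `&${NAMED[ch]};`;
  });
}

// Decode named, decimal and hex references in a single pass, so that
// '&amp;lt;' becomes the text '&lt;' and is never decoded twice into '<'.
function decodeHtml(text) {
  return String(text).replace(/&(#x[0-9a-f]+|#[0-9]+|[a-z]+);/gi, (match, body) => {
    if (body[0] !== '#') return BY_NAME.has(body) ? BY_NAME.get(body) : match;
    const cp = /^#x/i.test(body) ? parseInt(body.slice(2), 16)
                                 : parseInt(body.slice(1), 10);
    // Leave NUL, surrogates and out-of-range code points untouched.
    if (cp === 0 || cp > 0x10FFFF || (cp >= 0xD800 && cp <= 0xDFFF)) return match;
    return String.fromCodePoint(cp);
  });
}

// Constructed sample input containing all five special characters.
const SAMPLE = '<b title="a">Tom & Jerry\'s</b>';
console.log(encodeHtml(SAMPLE));            // named form
console.log(encodeHtml(SAMPLE, 'decimal')); // decimal form
console.log(decodeHtml(encodeHtml(SAMPLE, 'hex')) === SAMPLE);
```

Entity encoding of this kind covers text placed in element content and in quoted attribute values; values written into script blocks, URLs or CSS need the encoding of that context instead.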