HTML Encoder/Decoder
Convert special characters to HTML entities to prevent XSS attacks
Common HTML Entities Reference
| Character | Named Entity | Decimal | Hexadecimal | Description |
|---|---|---|---|---|
| < | < | < | < | Less than sign (tag start) |
| > | > | > | > | Greater than sign (tag end) |
| & | & | & | & | Ampersand (entity start) |
| " | " | " | " | Double quotation mark |
| ' | ' | ' | ' | Single quote/apostrophe |
| |   |   | Non-breaking space | |
| ? | © | © | © | Copyright symbol |
| ? | ® | ® | ® | Registered trademark symbol |
| ? | ™ | ™ | ™ | Trademark symbol |
About HTML Encoding
HTML encoding is the process of converting special characters to HTML entities. Certain characters have special meaning in HTML (like < and >), and using them directly could break page structure or cause security issues.
By converting these characters to their corresponding HTML entities, browsers can display them correctly without interpreting them as HTML markup. This is an important security measure in web development to prevent XSS (Cross-Site Scripting) attacks.
Security Note: Always HTML-encode user input before displaying it on a web page. This is a fundamental security measure to prevent XSS attacks.
Common Use Cases
- Preventing XSS (Cross-Site Scripting) attacks
- Displaying special characters and symbols in HTML
- Safely including quotes in attribute values
- Displaying HTML code examples without executing them
- Processing user input containing special characters
Entity Types Explained
Named Entities
Use easy-to-remember names, good readability, but not all characters have named entities
< > &
Decimal Entities
Use character Unicode code point (decimal), works for all characters
< > &  
Hexadecimal Entities
Use character Unicode code point (hex), consistent with CSS and JavaScript
< > &  
References
- WHATWG HTML - Named Character References
- MDN Web Docs - HTML Entities
- W3C HTML 4.0 Character Entity Reference
Related Tools
XML Formatter
Format and validate XML data with syntax highlighting
Escape/Unescape Tool
Escape and unescape strings between multiple formats including JavaScript, JSON, HTML, XML, CSV, SQL and more
URL Encoder/Decoder
Encode and decode URLs to ensure compliance and usability
Base64 Encoder/Decoder
Quickly encode and decode Base64 strings, supporting both text and file conversion
Charset Converter
Convert text encoding between UTF-8, GBK, Big5, Shift_JIS, ISO-8859, Windows codepages with auto-detection
JSON Formatter
Format and validate JSON data for improved readability and debugging