HTML Entity Encoder / Decoder

Paste text to escape characters like <, >, & and quotes into safe HTML entities, or paste encoded text to decode it back. Useful before pasting code into a page. Everything runs in your browser.

Enter text or HTML and press Convert.

Why you escape HTML

Browsers treat certain characters as markup: < starts a tag, & starts an entity, and quotes delimit attributes. To show those characters as literal text — say, a code sample or a stray ampersand in a title — you replace them with HTML entities so the browser prints them instead of interpreting them.

< → &lt;  > → &gt;  & → &amp;  " → &quot;  ' → &#39;

Encoding also helps prevent broken layouts and a class of injection bugs, since user text can no longer be mistaken for tags. Decoding does the reverse, turning entities back into the original characters.

Worked example

The string <b>Tom & Jerry</b> encodes to:

< and > become &lt; / &gt;.
& becomes &amp;.
Result: &lt;b&gt;Tom &amp; Jerry&lt;/b&gt; — shows as text, not bold.

Named vs numeric entities

Named entities like &copy; and &amp; are readable but only exist for specific characters. Numeric entities like &#169; (decimal) or &#xA9; (hex) work for any Unicode code point, which is why the "all non-ASCII" mode uses numeric form — it's universal. For most web use, escaping just the five essentials is enough.

Tip: converting Markdown to a page? Pair this with the Markdown to HTML converter.

Frequently asked questions

Which characters must I always escape?

The five essentials are < > & " and '. Escaping these is enough to safely place arbitrary text inside HTML content and attributes without breaking the markup.

What's the difference between named and numeric entities?

Named entities like &copy; are human-readable but exist only for certain characters. Numeric entities like &#169; work for any Unicode character, so they're the universal fallback.

Can it decode entities back to text?

Yes. Switch the direction to 'Decode' and paste encoded text; the tool turns named and numeric entities back into the original characters using the browser's own parser.

Is anything uploaded?

No. Encoding and decoding run in your browser. Nothing you paste is sent to a server, so it's fine for private or unpublished content.

MB
Mustafa Bilgic · Editor, Calcool
Encodes the five HTML-significant characters plus optional numeric entities for non-ASCII; decoding uses the browser's native HTML parser. Everything runs in your browser — nothing you enter is uploaded, logged or stored.

Related calculators

📄 Markdown to HTML🔗 URL Encoder / Decoder🔐 Base64 Encoder / Decoder🧩 JSON Formatter