HTML Entity Encoder
Convert HTML entity characters online, supports encoding and decoding to prevent XSS attacks
What is HTML Entity Encoding?
HTML entity encoding is a mechanism that converts special characters into HTML entity references. In HTML, certain characters have special meanings (like <, >, &), and if you need to display these characters themselves on the page, you must use entity encoding. Entity encoding comes in two forms: named entities (like &lt;) and numeric entities (like &#60;). Named entities are more readable, while numeric entities can represent any Unicode character.
Main Uses of HTML Entity Encoding
- Prevent XSS Attacks: Escape special characters in user input to prevent malicious script injection
- Display Special Characters: Show reserved characters like < > & " ' in HTML
- Internationalization Support: Use numeric entities to display special characters from various languages
- Code Display: Safely display HTML code snippets on web pages
How to Use
Basic Operations
- Enter or paste text to convert in the left input box
- Click the corresponding conversion button to select encoding or decoding method
- The result will automatically display on the right
- Click the "Copy" button to copy the result to clipboard
Conversion Methods
- HTML Entity Encode: Convert < > & " ' to named entities, suitable for XSS prevention
- HTML Entity Decode: Restore named entities to original characters
- Numeric Entity Encode: Convert special characters to numeric entity form (like &#60;)
- Full Encode: Encode all non-ASCII characters, suitable for internationalization
- Full Decode: Restore all forms of HTML entities
Keyboard Shortcuts
- Ctrl + E: HTML Entity Encode
- Ctrl + D: HTML Entity Decode
Common HTML Entity Characters
| Char | Named Entity | Numeric Entity | Description |
|---|---|---|---|
| < | &lt; | &#60; | Less than |
| > | &gt; | &#62; | Greater than |
| & | &amp; | &#38; | Ampersand |
| " | &quot; | &#34; | Double quote |
| ' | &apos; | &#39; | Single quote |
| Space | &nbsp; | &#160; | Non-breaking space |
| © | &copy; | &#169; | Copyright |
| ® | &reg; | &#174; | Registered trademark |
| ™ | &trade; | &#8482; | Trademark |
| € | &euro; | &#8364; | Euro sign |
| ¥ | &yen; | &#165; | Yen/Yuan sign |
FAQ
Q: What's the difference between HTML entity encoding and URL encoding?
A: HTML entity encoding is used in HTML documents, converting special characters to &xxx; or &#xxx; format; URL encoding is used in URLs, converting special characters to %XX format. They serve different purposes - HTML encoding for page content, URL encoding for link addresses.
Q: Why does & display as &amp; after encoding?
A: Because & itself is the prefix for entity encoding, it needs to be handled first during encoding. The first encoding converts & to &amp;, which is correct. Decoding will restore &amp; back to &.
Q: Which is better, named entities or numeric entities?
A: Named entities (like &lt;) are more readable and easier to maintain; numeric entities (like &#60;) can represent any Unicode character with better compatibility. Named entities are recommended for common characters, numeric entities for special characters.
Q: How to prevent XSS attacks?
A: For user input content, before outputting to HTML pages, use HTML entity encoding to escape characters like < > & " '. This way, even if a user inputs malicious scripts, they will be displayed as plain text and not executed.
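The escaping described in this answer, together with the "& must be handled first" point from the earlier answer, as an added example (not this tool's own code). The function names and the sample input are constructed for illustration.

```javascript
// The five characters the page lists. The single quote uses the numeric form
// because &apos; is not defined in HTML 4.
const NAMED = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// One pass over the input: every character is examined exactly once, so the
// "&" introduced by a substitution can never be encoded a second time.
function encodeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => NAMED[ch]);
}

// Sequential replaces with "&" handled last: "<" becomes "&lt;", then the
// "&" pass rewrites it to "&amp;lt;" (double encoding).
function encodeWrongOrder(text) {
  return String(text).replace(/</g, '&lt;').replace(/>/g, '&gt;').replace(/&/g, '&amp;');
}

// Decoding is also done in one pass, so "&amp;lt;" decodes to the text "&lt;"
// and not all the way down to "<".
const DECODE = { '&amp;': '&', '&lt;': '<', '&gt;': '>', '&quot;': '"', '&#39;': "'", '&apos;': "'" };
function decodeHtml(text) {
  return String(text).replace(/&(?:amp|lt|gt|quot|apos|#39);/g, (ent) => DECODE[ent]);
}

// Numeric entities for the five special characters and every non-ASCII
// code point (Array.from iterates by code point, so astral characters work).
function encodeNumeric(text) {
  return Array.from(String(text), (ch) => {
    const cp = ch.codePointAt(0);
    return cp > 127 || '&<>"\''.includes(ch) ? `&#${cp};` : ch;
  }).join('');
}

// Constructed sample of untrusted input.
const sample = '<script>alert(1)</script> Tom & "Jerry"';
console.log(encodeHtml(sample));       // safe to place in HTML text or a quoted attribute
console.log(encodeWrongOrder('<b>'));  // shows the double-encoding defect
console.log(encodeNumeric('€ <'));
```

This encoding covers HTML text content and quoted attribute values. Data placed inside a script block, a URL, or an unquoted attribute needs the encoding for that context instead.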
Q: Is my data safe?
A: Completely safe. All processing is done locally in your browser, and data is never uploaded to any server. Your data always stays on your device.