HTML Entities Encoder & Decoder (Free Online Tool)
Some characters can't appear literally in HTML — a < starts a tag, an & starts an entity, and a " can close an attribute. To show them as text, you encode them as HTML entities: <, &, ". Getting this right prevents broken layouts and a whole class of security bugs. Here's what entities are and how to encode or decode them quickly.
Why HTML entities exist
HTML reserves a few characters for markup. If you write a literal < in your content, the browser thinks a tag is starting. Encoding it as < tells the browser "show a less-than sign, don't interpret it." The essential ones:
<→<>→>&→&"→"'→'
Entities also let you insert characters that are hard to type — © (©), → (→), — (—), accented letters, and symbols.
How to use the tool
The free HTML Entities tool encodes and decodes:
- Open it — no signup.
- Paste text to encode (special characters → entities) or entity-laden text to decode (entities → characters).
- Use the searchable reference to find the entity for a specific symbol.
- Copy the result.
It runs in your browser; nothing is uploaded.
Where it matters
- Displaying code or markup as text — showing
<div>on a page without it rendering. - Escaping user input — encoding
<,>, and&is a core defense against cross-site scripting (XSS); never drop raw user input into HTML. - Inserting symbols — copyright, arrows, em dashes, currency, accented characters.
- Fixing mojibake — decoding text that arrived as a wall of
&entities.
A security note
Encoding <, >, &, and quotes in any content that includes user input is one of the simplest, most important defenses against XSS attacks. If you're rendering anything a user typed, escape it. This tool is handy for understanding and testing that escaping, though your application framework should be doing it automatically in production.
Common questions
What is an HTML entity? A code like < that represents a character HTML would otherwise interpret as markup, or a symbol that's hard to type.
Why encode <, >, and &? So the browser shows them as text instead of treating them as markup — and to prevent XSS when displaying user input.
Is my text private? Yes — the tool runs entirely in your browser.
Related reading: Markdown to HTML · URL Encoder & Decoder · explore the other free tools.
Sovereign Agentics builds free, privacy-first browser tools. Our premium Claude prompt systems fund the free ones.