HTML reserves five characters that must be encoded when they appear as literal content rather than as part of the HTML structure: the ampersand, the less-than sign, the greater-than sign, the double quote, and the apostrophe. Encoding replaces each with its named entity (like & for &) or numeric entity (like &). When you display user-submitted content, encoding these characters prevents the browser from interpreting them as HTML, which is the foundation of basic cross-site-scripting prevention. This tool converts between plain text and HTML-entity-encoded form in both directions. The named-entity table covers the standard five plus many common typographic characters (em dashes, smart quotes, copyright signs, mathematical symbols). Numeric entities work for any Unicode code point.
Frequently asked questions
For text content placed between HTML tags, yes. For attribute values, you also need to consider the quote style and which characters need encoding. For JavaScript event handlers or style attributes, HTML entity encoding alone is not sufficient and dedicated context-aware escaping is required. For modern web frameworks (React, Vue, Angular), the framework handles encoding automatically when you bind a variable to a text node; manual encoding is rarely needed.
Related tools
- Base64 Encoder & DecoderConvert any text or binary data to and from Base64 in your browser.
- Case ConverterConvert any text between every common case style: camel, Pascal, kebab, snake, CONSTANT, Title, sentence, dot, lower, and upper.
- URL Encoder and DecoderEncode any string to URL-safe percent-encoding, or decode an encoded URL back to plain text.