HTML Encode/Decode
Convert special characters to HTML entities to prevent XSS attacks, supports named, decimal and hexadecimal entities
About HTML Encoding
HTML encoding is the process of converting special characters into HTML entities. Some characters have special meanings in HTML (such as < and >), and if used directly in HTML, they may break the page structure or cause security issues.
By converting these characters to their corresponding HTML entities, browsers can display them correctly without interpreting them as HTML tags. This is an important security measure in web development to prevent XSS (Cross-Site Scripting) attacks.
Security Tip: Always HTML encode user input before displaying it on a webpage. This is a fundamental security measure to prevent XSS attacks.
Common Use Cases
- Prevent XSS (Cross-Site Scripting) attacks
- Display special characters and symbols in HTML
- Safely include quotes in attribute values
- Display HTML code examples without executing them
- Handle user input containing special characters
Entity Type Descriptions
Named Entities
Use memorable names and are easy to read, but not all characters have a named entity
`&lt;` `&gt;` `&amp;`
Decimal Entities
Use the character's Unicode code point in decimal; applicable to all characters
`&#60;` `&#62;` `&#38;`
Hexadecimal Entities
Use the character's Unicode code point in hexadecimal; consistent with CSS and JavaScript
`&#x3C;` `&#x3E;` `&#x26;`
Common HTML Entities Reference
| Character | Named Entity | Decimal | Hexadecimal | Description |
|---|---|---|---|---|
| < | `&lt;` | `&#60;` | `&#x3C;` | Less than (tag start) |
| > | `&gt;` | `&#62;` | `&#x3E;` | Greater than (tag end) |
| & | `&amp;` | `&#38;` | `&#x26;` | Ampersand (entity start) |
| " | `&quot;` | `&#34;` | `&#x22;` | Double quotation mark |
| ' | `&apos;` | `&#39;` | `&#x27;` | Single quotation mark/apostrophe |
|   | `&nbsp;` | `&#160;` | `&#xA0;` | Non-breaking space |
| © | `&copy;` | `&#169;` | `&#xA9;` | Copyright symbol |
| ® | `&reg;` | `&#174;` | `&#xAE;` | Registered trademark symbol |
| ™ | `&trade;` | `&#8482;` | `&#x2122;` | Trademark symbol |
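
The three entity types described above, as an added example (not this tool's own code): an encoder that emits named, decimal or hexadecimal entities in a single pass, and a decoder that reverses them in a single pass. The function names, the `mode` values and the `encodeNonAscii` flag are assumptions made for illustration.

```javascript
// Added example; names are illustrative, not the tool's own code.
// The five characters that are significant in HTML text and attribute values.
const NAMED = new Map([['<', '&lt;'], ['>', '&gt;'], ['&', '&amp;'],
                       ['"', '&quot;'], ["'", '&apos;']]);
const NAMED_REVERSE = new Map([...NAMED].map(([ch, ent]) => [ent, ch]));

// mode: 'named' | 'decimal' | 'hex'
function toEntity(ch, mode) {
  const cp = ch.codePointAt(0);
  if (mode === 'named' && NAMED.has(ch)) return NAMED.get(ch);
  if (mode === 'hex') return '&#x' + cp.toString(16).toUpperCase() + ';';
  return '&#' + cp + ';'; // decimal; also the fallback when no named entity exists
}

// Single pass over code points: '&' is encoded once and never re-encoded,
// and characters outside the BMP (emoji) become one entity, not two.
function encodeHtml(input, mode = 'named', encodeNonAscii = false) {
  let out = '';
  for (const ch of String(input)) {
    const cp = ch.codePointAt(0);
    const must = NAMED.has(ch) || (encodeNonAscii && (cp < 0x20 || cp > 0x7e));
    out += must ? toEntity(ch, mode) : ch;
  }
  return out;
}

// Single pass as well, so '&amp;lt;' decodes to the text '&lt;', not to '<'.
// Unknown names and invalid code points are left untouched.
function decodeHtml(input) {
  return String(input).replace(/&(#x[0-9a-f]+|#\d+|[a-z]+);/gi, (match, body) => {
    if (body[0] !== '#') return NAMED_REVERSE.get(match) ?? match;
    const hex = body[1] === 'x' || body[1] === 'X';
    const cp = parseInt(body.slice(hex ? 2 : 1), hex ? 16 : 10);
    const valid = cp > 0 && cp <= 0x10ffff && !(cp >= 0xd800 && cp <= 0xdfff);
    return valid ? String.fromCodePoint(cp) : match;
  });
}
```

Encoding an already encoded string yields `&amp;lt;`, which the browser displays as the literal text `&lt;`; encode exactly once, at the point of output.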