HTML entities
Encode and decode HTML entities, named or numeric.
- Instant
- Free
- Private (processed locally)
- No sign-up
Show code on a page without breaking everything
To show <div> on a web page, you must encode it, otherwise the browser thinks it’s a real tag. This tool encodes special characters into HTML entities and does the reverse to read already-encoded content.
-
Paste the text
Code, symbols, accents — anything.
-
Encode or decode
And choose named entities (readable) or numeric (universal).
-
Copy
The result is ready to paste into your HTML.
The five entities to always know
| Character | Named | Numeric |
|---|---|---|
| & | & | & |
| < | < | < |
| > | > | > |
| " | " | " |
| ' | ' | ' |
Encoding these five characters in any content inserted into a page is the first defence against XSS injection. Decoding here is safe: it never executes the HTML.
Frequently asked questions
Named or numeric entities — which to choose?
Named ones (&, ©) are readable; numeric ones (&, ©) always work, even for characters without a defined name. For maximum compatibility and rare characters, numeric is safer. Uncheck the option to encode everything numerically.
Which characters absolutely must be encoded?
HTML’s five “reserved” ones: & (&), < (<), > (>), " (") and ' ('). Forgetting them allows tag injection or broken display. The rest (accents, symbols) is optional if your page is UTF-8.
Is decoding safe?
Yes: decoding uses textarea.value, which resolves entities without ever executing HTML or script. You can decode unknown content with no risk of execution.
Why doesn’t show as a space?
The non-breaking space ( , U+00A0) looks like a space but isn’t: it prevents line breaks and often merges badly in code. The encoder makes it visible as so you can spot these treacherous spaces.