Encoding & Crypto · Free Tool
HTML Encoder & Decoder
Convert special characters to HTML entities (&, <, >) or decode entities back to plain text.
About this tool
Encode special characters into HTML entities — & becomes &amp;, < becomes &lt;, quotes become &quot; — or decode a string full of entities back into plain readable text.
Encoding user-supplied text before rendering it in HTML is the fundamental defense against cross-site scripting (XSS), and it is also how you display code samples on a web page without the browser executing them.
Common uses
- Display an HTML or XML code snippet on a web page without it rendering
- Decode scraped content full of &#39; and &quot; entities
- Safely insert user-generated text into an HTML template
Frequently asked questions
Which characters must always be encoded in HTML?
At minimum & < and > everywhere, plus quotes (" and ') inside attribute values. These five cover the cases that break markup or enable script injection.
Does this handle numeric entities like —?
Yes — decoding resolves both named entities (&mdash;) and numeric ones (&#8212;) to their actual characters.
Is my data uploaded to a server?
No. This tool runs entirely in your browser using JavaScript — nothing you type is transmitted, logged, or stored anywhere. You can even use it offline once the page has loaded.