Encoding & Crypto · Free Tool

HTML Encoder & Decoder

Convert special characters to HTML entities (&, <, >) or decode entities back to plain text.

About this tool

Encode special characters into HTML entities — & becomes &amp;amp;, < becomes &amp;lt;, quotes become &amp;quot; — or decode a string full of entities back into plain readable text.

Encoding user-supplied text before rendering it in HTML is the fundamental defense against cross-site scripting (XSS), and it is also how you display code samples on a web page without the browser executing them.

Common uses

  • Display an HTML or XML code snippet on a web page without it rendering
  • Decode scraped content full of &amp;#39; and &amp;quot; entities
  • Safely insert user-generated text into an HTML template

Frequently asked questions

Which characters must always be encoded in HTML?

At minimum & < and > everywhere, plus quotes (" and ') inside attribute values. These five cover the cases that break markup or enable script injection.

Does this handle numeric entities like &#8212;?

Yes — decoding resolves both named entities (&amp;mdash;) and numeric ones (&amp;#8212;) to their actual characters.

Is my data uploaded to a server?

No. This tool runs entirely in your browser using JavaScript — nothing you type is transmitted, logged, or stored anywhere. You can even use it offline once the page has loaded.