How it works
Encoding protects text from being interpreted as markup in a text context. It is not a complete XSS defense; use context-aware escaping in applications.
Replace &, <, >, ", and ' with named HTML entities.
Common questions
Does encoding sanitize HTML?
No. It escapes text for a context; it does not remove unsafe HTML or scripts.
Is input sent to a server?
No. Processing runs in the browser.
Independent developer utility. Review output before using it in production.