HTML Entity Encoder & Decoder

Escape special characters for HTML or decode common entities back to text.

How it works

Encoding protects text from being interpreted as markup in a text context. It is not a complete XSS defense; use context-aware escaping in applications.

Replace &, <, >, ", and ' with named HTML entities.

Common questions

Does encoding sanitize HTML?

No. It escapes text for a context; it does not remove unsafe HTML or scripts.

Is input sent to a server?

No. Processing runs in the browser.

Independent developer utility. Review output before using it in production.