Tech

HTML entities encoder

Encode text to HTML entities (named or numeric) and decode entities back to real characters. Accents, symbols and the special characters, all live and in your browser.

Instant🔒In your browserNo signup
Live
What to encode
Encoded result

What HTML entities are

An HTML entity is a way to write a character using a code instead of the character itself. They exist for several reasons. First, some characters are reserved: the browser reads < as the start of a tag, so to display a literal less-than sign on the page you have to write it as &lt;. Second, in old or misconfigured encodings accents and non-Latin letters would break, and writing them as &eacute; or &ntilde; guaranteed they showed up correctly anywhere. Third, many symbols like ©, or are not on the keyboard and are easier to type by name. They are used to display code in a blog, to build HTML emails that render the same in old clients, to prevent XSS when inserting user content, and in any CMS that encodes the text you paste.

Named, decimal and hexadecimal

Every entity starts with an ampersand and ends with a semicolon. In between there can be a name (&copy; for copyright), a decimal number preceded by a hash (&#169;), or a hexadecimal number with #x (&#xA9;). All three forms above represent the same character. Named entities are readable but only exist for a limited set; numeric entities work for any Unicode character, including emoji. That is why, when you encode with names, anything without a name automatically falls back to numeric.

Encoding and decoding safely

Encoding means going from <café> to &lt;café&gt; (specials only) or to &lt;caf&#233;&gt; (all non-ASCII). Decoding is the reverse path: from &#233; you get back é, from &ntilde; you get ñ, from &amp; you get &. Many converters decode by putting the text into innerHTML, which can run hidden scripts. Not here: we use an explicit map of names and String.fromCodePoint for the numeric ones, all as pure text, and the result goes into a textarea value. We never touch innerHTML, so decoding is safe even with malicious content.

Reference table of common entities

CharacterNamedDecimalHexadecimalDescription
&&amp;&#38;&#x26;Ampersand
<&lt;&#60;&#x3C;Less-than
>&gt;&#62;&#x3E;Greater-than
"&quot;&#34;&#x22;Double quote
'&apos;&#39;&#x27;Single quote
(space)&nbsp;&#160;&#xA0;Non-breaking space
©&copy;&#169;&#xA9;Copyright
®&reg;&#174;&#xAE;Registered trademark
&trade;&#8482;&#x2122;Trademark
&euro;&#8364;&#x20AC;Euro
£&pound;&#163;&#xA3;Pound sterling
°&deg;&#176;&#xB0;Degree
±&plusmn;&#177;&#xB1;Plus-minus
×&times;&#215;&#xD7;Multiplication
&mdash;&#8212;&#x2014;Em dash
&ndash;&#8211;&#x2013;En dash
&hellip;&#8230;&#x2026;Ellipsis
«&laquo;&#171;&#xAB;Left angle quote
»&raquo;&#187;&#xBB;Right angle quote
ñ&ntilde;&#241;&#xF1;Lowercase n with tilde
é&eacute;&#233;&#xE9;E with acute accent
¿&iquest;&#191;&#xBF;Inverted question mark

What this encoder is for

  • Display HTML code snippets in a blog without rendering them.
  • Build HTML emails that look the same in old clients, with symbols and accents encoded.
  • Prevent XSS by encoding user input before putting it in the DOM.
  • Clean up text that arrived with entities from an RSS feed, an API or a database export.
  • Insert symbols that are not on the keyboard (©, €, ™, arrows) by name.

FAQ

What is an HTML entity?

A way to write a character with a code instead of the character itself. It starts with an ampersand, follows with a name or number, and ends with a semicolon. Used for reserved characters, accents and symbols.

What is the difference between named and numeric entities?

Named ones use a word (amp, copy, ntilde) and are readable but limited. Numeric ones use the Unicode number, in decimal or hex, and work for any character. With no name available, it falls back to numeric.

What is &nbsp; and what is it for?

A non-breaking space: it looks like a normal space but the browser never breaks the line there and never collapses several in a row. Useful for keeping words or units together.

When do I need to encode to HTML entities?

To display characters HTML would interpret as code, to write code in a blog, for HTML emails compatible with old clients, or to prevent XSS when inserting user content into the DOM.

Decimal or hexadecimal entity: which one?

Both represent the same Unicode number. Decimal (&#233;) is more readable; hexadecimal (&#xE9;) matches the U+00E9 notation of Unicode tables and CSS. Pick whichever is more convenient.

Do HTML entities prevent XSS?

Yes. Encoding special characters before inserting content into a page makes a script tag show up as text instead of executing. Always encode input you do not control.

Is decoding here safe?

Yes. We do not use innerHTML (which can run scripts). We decode with an explicit map of names and String.fromCodePoint for the numeric ones, as pure text, into a textarea value.

Is my text sent to a server?

No, everything happens in your browser with JavaScript. Your text never leaves your device.

Was this generator useful?