Quick start
-
Encode or decode
Encode for HTML output; decode to read entity strings.
-
Paste content
Named and &#numeric; entities supported.
Escape <, >, &, quotes to HTML entities; or decode entities back. Common for templates and XSS-safe output.
Read the full guide: Markdown, HTML, and Plain Text: Conversion and Safety β
Privacy: processed locally, never uploaded.
β Paste in the input area below to see results instantly
Encode converts <, >, & to entities; decode restores readable characters.
<p>Towalles & "tools"</p>
Special characters are escaped for safe use in HTML attributes or text nodes.
Escape <, >, &, quotes to HTML entities; or decode entities back. Common for templates and XSS-safe output.
Encode or decode
Encode for HTML output; decode to read entity strings.
Paste content
Named and &#numeric; entities supported.
Escaping user input in attributes, email templates, debugging HTML snippets from APIs.
When developing web pages, you may need to display HTML tags as text content rather than parsing them. For example, to show the string '<div>' on a page, writing it directly would be parsed by the browser as a tag. Encoding it to '<div>' ensures it displays correctly.
Another common scenario is handling user input. To prevent XSS attacks, special characters in user-submitted content should be converted to entities. For example, encoding '<script>' as '<script>' before storage ensures malicious code won't execute even if rendered.
Encoding and decoding are bidirectional, but order matters. Nested encoding can produce results like '&lt;' which can't be directly parsed. It's recommended to store raw data unencoded and only encode when displaying to avoid confusion from multiple encodings.
Not all characters need encoding. Regular text (like Chinese, letters, numbers) requires no processing. Focus only on the five special characters: < > & " '. Over-encoding, while harmless, increases data size and should be avoided in performance-sensitive scenarios.
Input
<div>"hi"</div>
Output
<div>"hi"</div>
No. HTML entities are for markup; URL encoding is for addresses and query strings.
A single character typically adds 3-6 bytes when encoded (e.g., < β <). For text with many special symbols, size may increase 4-5x. But in modern web traffic, this is negligible unless processing millions of characters.