We use cookies to understand how DevToolsHub is used and to improve your experience. You can choose which types of cookies to allow.
Encode and decode HTML entities for safe display in web pages.
Loading...
Loading...
HTML entities are special codes used in HTML to represent characters that either have special meaning in HTML markup (like &, <, and >) or characters that cannot be typed directly on a standard keyboard, such as ©, ®, ™, €, and °. Without entity encoding, characters like < would be interpreted by the browser as the start of an HTML tag, potentially breaking your markup or exposing your page to cross-site scripting (XSS) attacks.
HTML entities come in three forms. Named entities use a human-readable name wrapped in ampersand and semicolon, such as & for & or © for ©. Decimal numeric entitiesuse the character's decimal Unicode code point, like © for ©. Hexadecimal numeric entities use the hex code point, such as © for ©. All three forms are valid HTML and produce the same result when rendered by the browser.
The five most important named entities every developer should know are: & (&), < (<), > (>), " ("), and '('). These five characters are the backbone of HTML escaping — they prevent the browser from interpreting user input as HTML markup, which is the foundation of preventing XSS vulnerabilities in web applications.
Named entities like © and € are easier to read and remember, making them ideal for hand-written HTML and documentation. However, named entities only exist for a limited set of characters — roughly 250 in the HTML5 specification. For any character without a named entity, you must use the numeric form.
Numeric entities (&#nnn;) and hex entities (&#xHH;) can represent any Unicode character, from ASCII (0–127) to the full Unicode range (0–0x10FFFF). This makes them universally applicable. Hex entities are particularly popular in security contexts and XML documents because they are compact and unambiguous. Both decimal and hex forms produce identical results in the browser.
When choosing which mode to use, consider your audience. For human-readable HTML source code, named entities are preferable. For programmatic generation or when you need to encode characters beyond the named set, numeric or hex entities are the way to go. Our tool supports all three modes plus an “all characters” option that encodes every non-ASCII character, not just the five special HTML characters.
<, >, and & ensures that user input is treated as text, not as executable HTML.< and > characters so the browser displays them instead of interpreting them as tags.Loading...