What Are HTML Entities?
HTML entities (the HTML specification calls them character references) are sequences used in HTML documents to represent characters that either have special meaning in HTML syntax or cannot easily be typed on a standard keyboard. A reference starts with an ampersand and normally ends with a semicolon, and it comes in three forms: a named reference such as `&amp;`, a decimal numeric reference such as `&#38;`, and a hexadecimal numeric reference such as `&#x26;`. Browsers also accept a set of legacy named references without the trailing semicolon (`&amp`, `&lt`, `&gt`, `&quot`, `&copy`, `&nbsp` and others), so a decoder or input filter that insists on the semicolon will miss input that a browser still decodes.
The most common entities are `&amp;` for the ampersand (&), `&lt;` for the less-than sign (<), `&gt;` for the greater-than sign (>), `&quot;` for the double quote ("), and `&#39;` for the single quote ('). The named form `&apos;` is defined in HTML5 and XHTML but not in HTML 4, so `&#39;` (or `&#x27;`) is the portable choice. These five characters are the ones most frequently encoded because they delimit tags, attribute values and entity references themselves.
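As an added example (not part of the original page or its tool), the following Python decoder parses the three reference forms described above, including the semicolon-less legacy names and the longest-prefix rule browsers apply to them, and checks its output against the standard library's `html.unescape`. The `SAMPLES` list is constructed for the example; every entry decodes to the same `<`, which is why a filter that only looks for the string `&lt;` is not a defence.

```python
import html
import re
from html.entities import html5  # "amp;" for every name, bare "amp" only for legacy names

# One character reference: hex numeric, decimal numeric, or named. The trailing
# semicolon is optional because browsers accept legacy forms without it.
_REF = re.compile(
    r"&(?:#[xX](?P<hex>[0-9A-Fa-f]+)|#(?P<dec>[0-9]+)|(?P<name>[A-Za-z][A-Za-z0-9]*))(?P<semi>;?)"
)


def _decode_numeric(cp: int) -> str:
    # Browsers turn 0, surrogates and out-of-range values into U+FFFD. The
    # Windows-1252 remapping of 0x80-0x9F that browsers also apply is not modelled.
    if cp == 0 or cp > 0x10FFFF or 0xD800 <= cp <= 0xDFFF:
        return "\ufffd"
    return chr(cp)


def _decode_named(name: str, semi: str):
    # Browsers consume the longest known name, so "&ampfoo" becomes "&foo".
    # This is the text-content rule; attribute values have extra exceptions.
    ref = name + semi
    for end in range(len(ref), 0, -1):
        if ref[:end] in html5:
            return html5[ref[:end]] + ref[end:]
    return None  # unknown name: the browser leaves it as written


def decode_entities(text: str) -> str:
    """Replace HTML character references in text with the characters they denote."""
    def replace(m):
        if m.group("hex") is not None:
            return _decode_numeric(int(m.group("hex"), 16))
        if m.group("dec") is not None:
            return _decode_numeric(int(m.group("dec")))
        decoded = _decode_named(m.group("name"), m.group("semi"))
        return decoded if decoded is not None else m.group(0)
    return _REF.sub(replace, text)


# Constructed samples: six different spellings of "<" a browser will accept.
SAMPLES = ["&lt;", "&lt", "&#60;", "&#060", "&#x3C;", "&#X3c;"]


def decodes_to_same(samples=SAMPLES):
    return {s: decode_entities(s) for s in samples}


def matches_stdlib(text: str) -> bool:
    """Cross-check against the standard library's HTML5-conformant decoder."""
    return decode_entities(text) == html.unescape(text)


if __name__ == "__main__":
    for sample, decoded in decodes_to_same().items():
        print(f"{sample:10} -> {decoded!r}  (stdlib agrees: {matches_stdlib(sample)})")
```

The decoder is deliberately small; for production use `html.unescape`, which implements the same algorithm plus the legacy code-point remapping omitted here.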
Why Encode HTML Entities?
Encoding HTML entities serves several purposes in web development:
Security (XSS Prevention): The most important reason is preventing Cross-Site Scripting (XSS) attacks. If user input containing HTML or JavaScript is rendered without encoding, an attacker can inject script that runs in every visitor's browser. Encoding turns `<script>` into `&lt;script&gt;`, so the browser displays the tag as text instead of parsing and executing it. Note that HTML encoding protects only the HTML text and attribute contexts it is designed for; data inserted into a JavaScript string, a URL or a CSS value needs the encoding rules of that context.
Correct Rendering: Characters like < and > would otherwise be interpreted as HTML tags. Encoding them ensures they display as intended in the browser.
Special Characters: Characters outside the ASCII range, such as em dashes, copyright symbols, and accented letters, can be represented using entities so they render correctly even when the document's declared character encoding cannot represent them or is declared incorrectly. In a UTF-8 document this is rarely necessary, but the entity form is still useful for characters that are invisible or easily confused in source, such as the non-breaking space.
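The XSS point above, as an added example written for this page rather than taken from it: two constructed payloads are rendered with and without encoding, and a small `HTMLParser` subclass reports which tags and event-handler attributes a browser's tokenizer would actually see. The payloads, the `render_*` helpers and the `class="comment"` markup are assumptions made for the illustration; the attribute case shows why encoding only `<` and `>` is not enough.

```python
import html
from html.parser import HTMLParser

# Constructed attacker inputs (assumptions for the example): one aimed at an
# HTML text node, one that breaks out of a quoted attribute without any "<".
TEXT_PAYLOAD = "<script>alert(document.cookie)</script>"
ATTR_PAYLOAD = '" autofocus onfocus="alert(1)'


def render_comment_unsafe(comment: str) -> str:
    # Vulnerable on purpose: raw interpolation into an HTML text context.
    return f'<p class="comment">{comment}</p>'


def render_comment_safe(comment: str) -> str:
    # html.escape encodes & < > and, with the default quote=True, " and '.
    return f'<p class="comment">{html.escape(comment)}</p>'


def render_input_unsafe(value: str) -> str:
    # Vulnerable on purpose: quote=False leaves " alone, and " is exactly the
    # character that closes the attribute value.
    return f'<input name="q" value="{html.escape(value, quote=False)}">'


def render_input_safe(value: str) -> str:
    return f'<input name="q" value="{html.escape(value)}">'


class TagCollector(HTMLParser):
    """Records every start tag with its attributes, roughly what the browser tokenizer sees."""

    def __init__(self):
        super().__init__()
        self.tags = []

    def handle_starttag(self, tag, attrs):
        self.tags.append((tag, dict(attrs)))


def browser_view(fragment: str):
    parser = TagCollector()
    parser.feed(fragment)
    parser.close()
    return parser.tags


def executes_script(fragment: str) -> bool:
    """True if the fragment yields a <script> tag or any on* event-handler attribute."""
    return any(
        tag == "script" or any(name.startswith("on") for name in attrs)
        for tag, attrs in browser_view(fragment)
    )


if __name__ == "__main__":
    cases = [
        ("text, unencoded", render_comment_unsafe(TEXT_PAYLOAD)),
        ("text, encoded", render_comment_safe(TEXT_PAYLOAD)),
        ("attribute, quotes left alone", render_input_unsafe(ATTR_PAYLOAD)),
        ("attribute, quotes encoded", render_input_safe(ATTR_PAYLOAD)),
    ]
    for label, fragment in cases:
        print(f"{label:30} script runs: {str(executes_script(fragment)):5} {fragment}")
```

`HTMLParser` is a tokenizer, not a browser, but it applies the same attribute-quoting rules, which is enough to show that the encoded fragments contain no `<script>` element and no `onfocus` attribute while the unencoded ones do.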
How to Use the HTML Entity Encoder/Decoder
- Paste your text or HTML entities into the input area
- Click “Encode” to convert special characters to HTML entities, or “Decode” to convert entities back to characters
- Copy the result with the “Copy” button or Ctrl+Shift+C
Common HTML Entities Reference
| Character | Named Entity | Numeric Entity | Description |
|---|---|---|---|
| & | `&amp;` | `&#38;` | Ampersand |
| < | `&lt;` | `&#60;` | Less than |
| > | `&gt;` | `&#62;` | Greater than |
| " | `&quot;` | `&#34;` | Double quote |
| ' | `&apos;` (HTML5/XHTML only) | `&#39;` | Single quote (apostrophe) |
| (non-breaking space) | `&nbsp;` | `&#160;` | Non-breaking space |
| © | `&copy;` | `&#169;` | Copyright |
| ® | `&reg;` | `&#174;` | Registered trademark |
| — | `&mdash;` | `&#8212;` | Em dash |
| € | `&euro;` | `&#8364;` | Euro sign |
HTML Encoding vs URL Encoding
HTML encoding and URL encoding serve different purposes and are not interchangeable. HTML encoding makes characters safe to display inside an HTML document, while URL encoding (percent-encoding, RFC 3986) makes them safe to carry in a URL or query string. For example, `<` becomes `&lt;` in HTML but `%3C` in a URL, and a space stays a space in HTML (or becomes `&nbsp;` when a non-breaking space is wanted) but must become `%20` (or `+` in form-encoded query strings) in a URL.
Use HTML encoding when inserting content into HTML pages, and URL encoding when building URLs or query strings. When a URL that carries user data goes into an href attribute, apply both in order: URL-encode the parameter value first, then HTML-encode the whole attribute value. Many web frameworks apply HTML encoding automatically in their template engines, so you need to know which layer already handles it to avoid double-encoding.
Best Practices for HTML Encoding
- Always encode user-generated content at the point where it is rendered into HTML, not when it is stored; storing the raw value and encoding on output keeps one copy that can be encoded correctly for each context
- Use your framework's built-in encoding functions rather than manual string replacement, which tends to miss characters such as the single quote or the semicolon-less legacy forms browsers accept
- Be aware of context-specific encoding: HTML text, HTML attributes, JavaScript strings, URLs and CSS values each require different rules, and an encoder for one context does not protect another
- Don't double-encode: encoding content that is already encoded turns `&lt;` into `&amp;lt;`, which the browser renders as the literal text `&lt;`. Decide which layer (template engine, helper, or your own code) owns encoding and encode exactly once per context
- Use a Content Security Policy (CSP) header alongside encoding for defense in depth; CSP limits what an injected script can do but does not remove the injection, so it complements output encoding rather than replacing it
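The following added example (not the page's own code) ties together the HTML-versus-URL-encoding section and the best practices above: a link builder that layers URL encoding under HTML encoding, a JavaScript-string context where HTML entities do not apply, and the `&amp;lt;` fingerprint of double encoding. The `/search?q=` endpoint, the `lang=en` parameter and the `looks_double_encoded` heuristic are assumptions made for the illustration.

```python
import html
import json
from urllib.parse import quote


def build_search_link(query: str) -> str:
    """Layered, not doubled: URL-encode the parameter, then HTML-encode the attribute."""
    # quote() with safe="" percent-encodes "&", "=", "/" and spaces, so the
    # value cannot add or split query parameters. The "/search" endpoint and
    # the "lang=en" parameter are assumed for the example.
    url = "/search?q=" + quote(query, safe="") + "&lang=en"
    # The browser removes the HTML layer when parsing the attribute; the
    # server removes the URL layer when parsing the query string.
    return f'<a href="{html.escape(url)}">{html.escape(query)}</a>'


def embed_in_script(value) -> str:
    """JavaScript-string context: HTML entities are not decoded inside <script>."""
    # json.dumps yields a valid JS literal with quotes and backslashes escaped
    # and non-ASCII as \uXXXX (which covers U+2028/U+2029). "<", ">" and "&"
    # are additionally written as \u escapes so the output can never contain a
    # literal "</script>" or "<!--" that would end or confuse the script block.
    literal = (
        json.dumps(value)
        .replace("<", "\\u003c")
        .replace(">", "\\u003e")
        .replace("&", "\\u0026")
    )
    return f"<script>var data = {literal};</script>"


def encode_twice(text: str):
    """Reproduces the double-encoding bug: the second pass mangles the first."""
    once = html.escape(text)
    twice = html.escape(once)  # "&lt;" becomes "&amp;lt;", displayed to the user as "&lt;"
    return once, twice


def looks_double_encoded(s: str) -> bool:
    """Heuristic: a second unescape pass changes the text only if references were encoded twice."""
    first = html.unescape(s)
    return html.unescape(first) != first


if __name__ == "__main__":
    print(build_search_link("a&b <c>"))
    print(embed_in_script("</script><script>alert(1)</script>"))
    once, twice = encode_twice("<b>")
    print(once, looks_double_encoded(once))
    print(twice, looks_double_encoded(twice))
```

The heuristic has a known false positive: a user who literally typed `&lt;` and was correctly encoded once also produces `&amp;lt;`, so it is a diagnostic for finding suspect output, not a reason to decode before encoding.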