Encode and decode HTML entities
Encode HTML entities for safe text insertion into HTML documents.
Replaces special characters: < with <, > with >, & with &, " with ".
Prevents XSS attacks and incorrect display of HTML code on the page.
HTML Entities — Encoding and Decoding HTML Characters
HTML entities are special character sequences for displaying characters that have special meaning in HTML (<, >, &) or are absent from the keyboard. Encoding is essential for XSS prevention and correct content display.
Common HTML Entities
| Character | Named | Decimal | Hex |
|---|---|---|---|
| & | & | & | & |
| < | < | < | < |
| > | > | > | > |
| " | " | " | " |
| Non-breaking space | |   |   |
| © | © | © | © |
Named vs Numeric Entities
Named (&) — readable, memorable. Decimal numeric (&) — works for any Unicode character. Hex numeric (&) — same in hex notation. All three are equivalent.
XSS Prevention
XSS (Cross-Site Scripting) injects malicious JS through user input. HTML entity encoding prevents tags from being interpreted: <script>alert(1)</script> is displayed as text, not executed. Always encode user input before outputting to HTML.
Frequently Asked Questions
When should HTML entities be encoded?
Always when outputting user content in HTML, especially in tag attributes and script contexts.
Do non-ASCII characters need encoding?
In UTF-8 documents — no. Browsers display Unicode correctly without encoding.
What is the difference between and a regular space?
A non-breaking space prevents line breaks at that position and guarantees multiple consecutive spaces are displayed.
For URL encoding use URL Encoder, for Base64 — Base64 encoder.
Useful articles
WCAG Color Contrast: Website Accessibility Guide
A complete guide to color contrast: WCAG 2.1 standards, AA and AAA levels, calculation formula, practical examples of good and bad contrast, and how to fix accessibility issues.
CSS Border Radius: Rounding Element Corners
How to use border-radius: syntax, shorthand notation, elliptical corners. Online border-radius generator.