is inserted into HTML unencoded, the script executes. Encoding prevents this."}}, {"@type": "Question", "name": "What is the difference between named and numeric entities?", "acceptedAnswer": {"@type": "Answer", "text": "Named entities like & are human-readable. Numeric like & use the Unicode code point. Both display identically in browsers."}}, {"@type": "Question", "name": "Does encoding affect how text looks to users?", "acceptedAnswer": {"@type": "Answer", "text": "No. < displays as < in the browser. Encoding is transparent to the user."}}, {"@type": "Question", "name": "Can encoding protect email addresses from spam bots?", "acceptedAnswer": {"@type": "Answer", "text": "Encoding All converts emails to numeric entities. Basic bots cannot parse this, but sophisticated scrapers can decode entities."}}, {"@type": "Question", "name": "What characters must always be encoded?", "acceptedAnswer": {"@type": "Answer", "text": "& (becomes &), < (becomes <), > (becomes >), \" (becomes ") and ' (becomes ') must always be encoded in HTML contexts."}}]}
HTML Entity Encoder & Decoder
Input HTML or Text
Paste content then choose Encode or Decode
Output

HTML Entity Encoder Decoder Online Free — Escape HTML Characters — Free Online Tool

Encode and decode HTML entities online free. Convert <, >, &, " and special characters to HTML entities and back. Encode all characters as numeric entities. No signup.

Free Forever
No Signup
No Upload
100% Private
Browser-based

Features

Built for real developer workflows. No fluff, just the tools you need.

<

HTML Encoding

Converts <, >, &, " and ' to their safe entity equivalents. Essential for embedding user content safely.

HTML Decoding

Converts HTML entities back to their original characters. Handles all named and numeric entities.

🔢

Encode All Characters

Converts every character to &#NNN; numeric entities — useful for obfuscating email addresses.

🛡️

XSS Prevention

Encoding user input before inserting it into HTML is a fundamental defence against Cross-Site Scripting attacks.

Instant

Encoding and decoding runs in JavaScript with no server contact.

🔒

Private

Your HTML templates never leave your browser.

How to use

Get results in seconds — no account, no file upload required.

1

Paste HTML or text

Paste the content you want to encode or decode.

2

Click Encode or Decode

Encode converts special chars to entities. Decode reverses the process. Encode All uses numeric entities for every character.

3

Copy the result

Click Copy to copy the output.

More free tools

Every tool at itsseven is free, private and browser-based.

{}JSON FormatterBeautify & minify JSONJSON ValidatorSyntax & schema checkerDiff CheckerCompare text & codeYAML ConverterYAML ↔ JSONb64Base64 ToolEncode & decode Base64#Hash GeneratorMD5, SHA-256, SHA-512🔑JWT InspectorDecode JWT tokens🔗URL EncoderEncode & parse URLs

Frequently asked questions

Why do I need HTML encoding?
Unencoded special characters can break page layout or create XSS security vulnerabilities. Encoding is a fundamental web security practice.
What is XSS?
Cross-Site Scripting injects malicious JavaScript by exploiting unencoded user input. If is inserted into HTML unencoded, the script executes. Encoding prevents this.
What is the difference between named and numeric entities?
Named entities like & are human-readable. Numeric like & use the Unicode code point. Both display identically in browsers.
Does encoding affect how text looks to users?
No. < displays as < in the browser. Encoding is transparent to the user.
Can encoding protect email addresses from spam bots?
Encoding All converts emails to numeric entities. Basic bots cannot parse this, but sophisticated scrapers can decode entities.
What characters must always be encoded?
& (becomes &), < (becomes <), > (becomes >), " (becomes ") and ' (becomes ') must always be encoded in HTML contexts.