An HTML entities converter escapes special characters so they render as text instead of being parsed as HTML — and decodes them back. If you've ever pasted code into a blog post and seen it disappear, you needed this tool.
This guide covers the must-know entities, when to escape, and how to handle Unicode characters cleanly.
Encode/Decode HTML Entities — Free
Convert special characters to entities and back. Named or numeric.
Must-Know HTML Entities
| Char | Named Entity | Numeric Entity |
|---|---|---|
| & | & | & |
| < | < | < |
| > | > | > |
| " | " | " |
| \' | ' | ' |
| (non-breaking space) | |   |
| © | © | © |
| ® | ® | ® |
| ™ | ™ | ™ |
| — | — | — |
When to Escape
- Showing code in a blog — Wrap in
<pre>AND escape<,>,&. - User input in HTML — Always escape to prevent XSS attacks.
- Special characters in attributes — Escape quotes inside attribute values.
- Angle brackets in text — Math expressions like "x < 10" need
<. - Symbols not in the keyboard — © ® ™ ° ± × ÷.
Named vs. Numeric Entities
Two ways to write any entity:
- Named —
©,—. Readable but only ~250 are defined. - Numeric (decimal) —
©. Works for any Unicode codepoint. - Numeric (hex) —
©. Also any codepoint, often shorter.
Use named when available (more readable). Fall back to numeric for rare characters or emoji.
Security: Why This Matters
The most common XSS attack abuses unescaped user input. If a user submits <script>alert(1)</script> as a comment and you render it directly, the script runs.
Escape user input before inserting into HTML:
// Bad
container.innerHTML = userInput;
// Good
container.textContent = userInput;
// or
container.innerHTML = escapeHtml(userInput);Modern frameworks (React, Vue) escape by default. Only manual concatenation is dangerous.
Common Gotchas
- Always escape
&first — otherwise<becomes&lt;. - Don't escape inside
<script>blocks — different escaping rules apply (use \u escapes). 'isn't valid in HTML 4 — use'for older docs.- Some CMSs double-encode (turn
&into&amp;) — disable auto-escape if pasting pre-escaped content.
How to Use the Tool (Step by Step)
- 1
Pick Direction
Encode (text → entities) or decode (entities → text).
- 2
Paste Input
Plain text or HTML with entities.
- 3
Pick Mode
Named entities or numeric, basic or all chars.
- 4
Convert
See the encoded/decoded output.
- 5
Copy
Use in your HTML, blog, or comment.
Frequently Asked Questions
When do I need to escape?+−
Whenever showing code, user input, or special chars (<, >, &, ") inside HTML. Modern frameworks escape automatically.
Should I use named or numeric entities?+−
Named when available (readable). Numeric for Unicode chars beyond the named list.
Why does my & turn into &amp;?+−
Double-encoding. Either your input was already encoded or the tool encoded twice. Decode once first.
Do I need to escape in JavaScript strings?+−
No — JS uses different escaping (\u00A9 for ©). HTML entities only work in HTML context.
Can entities prevent XSS?+−
Yes — escaping user input before inserting into HTML is the standard XSS prevention.
Encode/Decode HTML Entities — Free
Convert special characters to entities and back. Named or numeric.
Open HTML Entities Converter ->Related Guides
Base64 Encode & Decode — What It Is, How It Works & When to Use It
Developer guide to Base64 encoding: use cases, online decoder, and common pitfalls
JSON Formatter Guide
A complete developer reference for JSON syntax, common errors, formatting options, and how to validate JSON in any language or tool.