What are HTML Entities?

HTML entities are special character sequences that represent reserved or special characters in HTML. They start with an ampersand (&) and end with a semicolon (;).

Entity Types

• Named: < > & © ™
• Decimal: < > & (using character code)
• Hexadecimal: < > & (using hex code)

When to Use Entities

• Display HTML tags as text (<div> instead of rendering)
• Prevent XSS attacks by encoding user input
• Display special characters that have meaning in HTML
• Ensure proper rendering across different browsers/encodings

Security Implications

Critical: Always encode user input before displaying in HTML to prevent XSS attacks. Characters like <, >, ", ', and & must be encoded.

Warning: Be careful when decoding entities from untrusted sources, as malicious actors may use entity encoding to obfuscate XSS payloads.

Common Entities Reference