HTML Entity Encoder/Decoder

Convert between plain text and HTML entities with security analysis


About HTML Entities

What are HTML Entities?

HTML entities are special character sequences that represent reserved or special characters in HTML. They start with an ampersand (&) and end with a semicolon (;).

Entity Types

  • Named: &lt; &gt; &amp; &copy; &trade;
  • Decimal: &#60; &#62; &#38; (using character code)
  • Hexadecimal: &#x3C; &#x3E; &#x26; (using hex code)

When to Use Entities

  • Display HTML tags as text (&lt;div&gt; shows <div> instead of rendering it)
  • Prevent XSS attacks by encoding user input
  • Display special characters that have meaning in HTML
  • Ensure proper rendering across different browsers/encodings

Security Implications

Critical: Always encode user input before displaying in HTML to prevent XSS attacks. Characters like <, >, ", ', and & must be encoded.

Warning: Be careful when decoding entities from untrusted sources, as malicious actors may use entity encoding to obfuscate XSS payloads.
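The two points above, as an added example that is not part of the original page: a link renderer that validates the decoded form of an href and entity-encodes on output, next to a naive check on the raw text that entity-encoded input slips past. The function names, the allowed-scheme policy and the decode-until-stable rule are assumptions of this sketch; the sample inputs are constructed.

```python
import html
import re

ALLOWED_SCHEMES = {"http", "https", "mailto"}  # assumed policy for this example

def canonicalize(value, max_rounds=5):
    """Decode entities until the text stops changing, so nested encoding
    such as &amp;#106; cannot hide a character from the check."""
    for _ in range(max_rounds):
        decoded = html.unescape(value)
        if decoded == value:
            return value
        value = decoded
    raise ValueError("too many layers of entity encoding")

def scheme_of(url):
    """Lower-cased URL scheme, or None for a relative URL. Browsers ignore
    tabs/newlines in URLs; dropping all of \\x00-\\x20 is stricter still."""
    compact = re.sub(r"[\x00-\x20]", "", url)
    match = re.match(r"([A-Za-z][A-Za-z0-9+.-]*):", compact)
    return match.group(1).lower() if match else None

def naive_is_safe(raw):
    """Weak check: inspects the raw, still-encoded text."""
    return "javascript:" not in raw.lower()

def render_link(raw_href, label):
    """Validate the decoded href, then entity-encode both values on output."""
    href = canonicalize(raw_href)
    scheme = scheme_of(href)
    if scheme is not None and scheme not in ALLOWED_SCHEMES:
        raise ValueError(f"scheme not allowed: {scheme}")
    return '<a href="{}">{}</a>'.format(
        html.escape(href, quote=True), html.escape(label, quote=True))

# Constructed sample inputs (not from the page).
SAMPLES = [
    "https://example.com/?a=1&amp;b=2",
    "&#106;&#x61;vascript:alert(1)",
    "&amp;#106;avascript:alert(1)",
    "java&Tab;script:alert(1)",
]

if __name__ == "__main__":
    for raw in SAMPLES:
        try:
            print("ok  ", render_link(raw, "link"))
        except ValueError as err:
            print("deny", repr(raw), "->", err)
```

Because the value written to the page is the canonical form encoded exactly once, the string the browser decodes is the same string the scheme check saw.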

Common Entities Reference

&lt; → <
&gt; → >
&amp; → &
&quot; → "
&apos; → '
&copy; → ©
&reg; → ®
&trade; → ™
&euro; → €
&pound; → £
&nbsp; → (non-breaking space)
&hellip; → …