HTML Encoder / Decoder
Encode and decode HTML entities online.
How to use HTML Encoder / Decoder
Paste your HTML content into the input field
Click the large text area labeled 'Input' on the left side of the tool. Paste your HTML code or text containing special characters that you want to encode or decode. You can paste up to 1MB of content.
Select encode or decode mode using the toggle button
Click the 'Encode' or 'Decode' button located above the input field. The button will highlight to show your active selection. Encoding converts special characters to HTML entities (e.g., & becomes &). Decoding reverses this process.
View the converted output in the right panel
The conversion happens automatically and displays instantly in the 'Output' text area on the right side. Your converted HTML will appear character-for-character with all entities properly transformed.
Copy the result using the copy button
Click the 'Copy to Clipboard' button below the output area. A confirmation message will appear showing the content has been copied. Paste the result into your code editor, email, or document using Ctrl+V (or Cmd+V on Mac).
Related Tools
URL Encoder / Decoder
Encode and decode URLs and query strings. Escape special characters for safe URL usage.
Base64 Encoder / Decoder
Encode and decode Base64 strings online. Also supports file to Base64 encoding for data URIs.
HTML Formatter
Format and beautify HTML code online. Indent, clean, and minify HTML instantly.
HTML encoder decoder online: convert characters to entities and back
HTML encoder decoder online: convert characters to entities and back
Convert special characters to HTML entities (&, <, >) and decode them back to readable text, ToolHQ's HTML encoder decoder runs entirely in your browser. Processed in your browser, no text is sent anywhere.
An HTML encoder converts characters that have special meaning in HTML (like <, >, &, and ") into their safe entity equivalents. An HTML decoder reverses that process, it takes entity-encoded text and produces the original characters. ToolHQ's tool does both in one place.
You need HTML encoding whenever you want to display text that contains HTML characters without the browser interpreting them as markup. You need decoding when you receive encoded content from a database, API, or CMS and need to read the original text.
Key takeaways
- HTML encoding replaces special characters with named entities (<) or numeric entities (<)
- Encoding is essential for displaying HTML code examples on web pages without them rendering
- Encoding user input before displaying it on a page is a basic defense against XSS attacks
- ToolHQ encodes AND decodes in one tool, processed in your browser, no text is sent anywhere
- The 10 most common entities cover the vast majority of everyday encoding needs
What HTML entities are and why they exist
HTML uses certain characters as syntax markers. The angle brackets < and > mark the start and end of tags. The ampersand & starts entity references. The double quote " delimits attribute values. If you put these characters directly into HTML content, the browser may misinterpret them as markup.
HTML entities are escape sequences that represent these characters safely. They come in two forms:
Named entities: Human-readable names prefixed with & and suffixed with ;. Example: < represents the less-than sign <. Named entities exist for many common symbols and characters.
Numeric entities: Decimal or hexadecimal Unicode code points. Example: < (decimal) or < (hex) both represent <. Every Unicode character can be represented as a numeric entity, even if it has no named form.
The W3C HTML character reference lists every named entity in the HTML specification. The Wikipedia article on HTML character references covers the history and technical background.
The 10 most common HTML entities
These entities cover the overwhelming majority of everyday encoding needs:
| Character | Named entity | Numeric entity | When you need it |
|---|---|---|---|
| & (ampersand) | & | & | In all text content, ampersand must always be encoded |
| < (less-than) | < | < | Displaying code, math expressions, HTML examples |
| > (greater-than) | > | > | Closing tags in code examples, comparisons |
| " (double quote) | " | " | Inside HTML attribute values quoted with double quotes |
| ' (apostrophe) | ' | ' | Inside HTML attribute values quoted with single quotes |
| (non-breaking space) | |   | Preventing line breaks, spacing in table cells |
| © (copyright) | © | © | Footer copyright notices |
| ® (registered) | ® | ® | Trademark symbols |
| ™ (trademark) | ™ | ™ | Product names with trademark symbols |
| , (em dash) | — | — | Long dashes in prose (CSS style: use instead of literal character) |
The ampersand entity & is the one most often missed. If your text contains AT&T and you HTML-encode it, the result should be AT&T, even in plain body text, raw ampersands in HTML can cause parsing issues in some contexts.
When you need HTML encoding
Displaying code examples on web pages: If you are writing a tutorial about HTML and want to show the tag <div class="container">, you cannot paste it directly into your page, the browser will render it as an actual div, not display the text. You need to encode it: <div class="container">.
CMS and blog content: Some CMS platforms store content with HTML-encoded special characters. When you export or import content, you may receive encoded text that needs decoding to be readable.
Email templates: HTML emails use entity encoding for special characters because email clients have inconsistent HTML support. The &nbsp; entity for non-breaking spaces is especially common in email spacing.
Security, XSS prevention: Cross-site scripting (XSS) attacks inject malicious HTML or JavaScript into pages through user input. If someone submits <script>alert('hacked')</script> into a comment form and you display it unencoded, the browser executes it. Encoding the input to <script>...</script> makes it display as text, not execute as code. HTML encoding is one layer of XSS defense, never display raw user input without encoding it.
Scraping and data pipelines: When you scrape web content or receive HTML via an API, the text often contains encoded entities. Decoding converts &amp; back to & and &lt; back to < for clean processing.
Thiago, a content developer at a tech company, was writing documentation that included dozens of HTML code examples. Every time he pasted a tag into the CMS, it rendered as actual HTML instead of displaying the code. He used ToolHQ's HTML encoder to paste in his code blocks and get the entity-encoded version in one click. He set up a workflow: write code example, paste into encoder, copy encoded version to CMS. His documentation published correctly the first time, every time.
Encode or decode HTML entities now, free at ToolHQ
How to use ToolHQ's HTML encoder decoder
To encode:
- Open https://www.toolhq.app/tools/html-encoder-decoder.
- Paste your text containing special characters into the input.
- Click Encode (or select Encode mode).
- Copy the entity-encoded output.
To decode:
- Switch to Decode mode.
- Paste text containing HTML entities (
<,&,", etc.). - Click Decode.
- The original characters appear in the output.
The tool handles all named HTML entities and decimal/hexadecimal numeric entities. It processes your text entirely in your browser, no text is sent anywhere.
Named vs. numeric entities: which to use
Both types represent the same characters. Named entities are more readable in source code; numeric entities are more universal.
Use named entities when: Writing HTML by hand, writing code examples for documentation, or any context where humans will read the source code. &lt; is immediately recognizable.
Use numeric entities when: You need to represent a character that has no named entity, or you are generating entity-encoded content programmatically and want consistent decimal/hex output.
For the core five characters (< > & " '), named entities are standard. For special symbols (mathematical operators, currency symbols, arrows, emoji), you usually need numeric entities or can just use the UTF-8 characters directly if your page declares UTF-8 encoding.
Related encoding tools: the URL encoder decoder handles percent-encoding for URLs, and the base64 encoder encodes binary data for text-safe transmission. For text conversions, the text to binary tool is in the same family.
Nadia, a QA engineer testing a multi-language web application, needed to verify that the app correctly stored and displayed text containing special characters, ampersands in company names, angle brackets in chemical formulas, copyright symbols. She used ToolHQ's HTML encoder to create a test string containing all the edge cases, encoded it to verify the entity representation, then pasted the decoded version back to confirm the round-trip was lossless. She added the encoded test strings to the regression test suite.
Frequently asked questions
What is the difference between < and <?
Both represent the less-than character <. < is the named entity, a human-readable name defined in the HTML specification. < is the decimal numeric entity, the Unicode code point for < in decimal. They are interchangeable in any HTML context.
Do I need to encode apostrophes in HTML?
In HTML content (text nodes), apostrophes are safe as literal characters. Encoding them as ' or ' is only necessary when the apostrophe appears inside a single-quoted attribute value (onclick='it\'s a problem').
What characters must always be encoded in HTML?
The ampersand & must always be encoded as & in HTML content. The angle brackets < and > must be encoded when they would otherwise be interpreted as tag markers. The double quote " must be encoded inside double-quoted attributes.
Does encoding protect against all XSS attacks?
HTML encoding is one layer of protection, not a complete defense. Encoding text before inserting it into HTML content prevents HTML injection. But if you insert encoded content into a JavaScript string or a CSS value, different escaping rules apply. A complete XSS defense requires context-aware escaping, different rules for HTML, JavaScript, CSS, and URL contexts.
What is a non-breaking space and when do I use it?
(non-breaking space) is a space character that prevents the browser from inserting a line break at that point. Use it to keep words together (like a number and its unit: "10 km") or to add spacing in table cells where a regular space would collapse.
The short version
HTML entities let you display special characters safely in web content without them being interpreted as markup. The five characters that must be encoded in HTML are &, <, >, ", and ', the rest are optional for convenience or Unicode compatibility.
ToolHQ's HTML encoder decoder handles both directions in one tool, runs entirely in your browser, and never sends your text anywhere. Paste and click, the encoded or decoded output is ready to copy.
For related encoding workflows, use the URL encoder decoder for percent-encoding URLs and the HTML formatter for cleaning up HTML markup structure.
Encode or decode HTML entities free, browser-based, instant