HTML Entity Encoder / Decoder

Escape or unescape HTML entities like &.

Free online HTML entity encoder and decoder

Escape or unescape HTML instantly. In Encode mode this tool replaces the five characters that matter most in markup — &, <, >, ", and ' — with safe entities so text displays literally instead of being parsed as tags. In Decode mode it turns entities such as &amp; or &#169; back into their original characters. It is ideal for pasting code samples into a page, sanitising user-generated content, cleaning up scraped HTML, and debugging API responses. Everything happens live in your browser as you type.

How to encode or decode HTML entities

  1. Choose Encode to escape text, or Decode to unescape entities.
  2. Type or paste your content into the input box on the left.
  3. Read the converted result in the output box — it updates automatically.
  4. When encoding, tick Encode all non-ASCII to numeric entities to force pure-ASCII output.
  5. Use Swap for a quick round trip, then Copy output or Clear.

Named vs numeric entities

A named entity spells the character out, like &lt; for a less-than sign, while a numeric entity uses the character’s code point, like &#60;. This encoder writes the reserved characters as the well-supported names &amp;, &lt;, &gt;, and &quot;, and uses the numeric &#39; for the apostrophe for maximum compatibility. If you are preparing data for a URL query string instead of page markup, reach for the URL encoder / decoder, or convert binary-safe payloads with the Base64 encoder.

Safe decoding in your browser

Decoding uses the browser’s own HTML parser: the input is assigned to a detached element and read back as plain text, which resolves named and numeric entities without executing any scripts or fetching anything. Because the whole tool runs client-side, nothing you paste ever leaves your device, so it is safe to work with private or sensitive content.

Frequently asked questions

What are HTML entities?

HTML entities are special codes that represent characters which have meaning in HTML markup or are hard to type. Reserved characters such as the less-than sign, greater-than sign, and ampersand are written as named entities like &lt;, &gt;, and &amp; so the browser renders them as literal text instead of interpreting them as tags. Any character can also be written as a numeric entity such as &#169; for the copyright symbol.

How do I encode text to HTML entities?

Select Encode, then type or paste your text into the input box. The tool instantly replaces the five reserved characters — ampersand, less-than, greater-than, double quote, and single quote — with safe entities. Enable ‘Encode all non-ASCII to numeric entities’ to also convert accented letters, emoji, and other Unicode to numeric codes. Click Copy output to grab the escaped result.

How do I decode HTML entities back to text?

Switch to Decode mode and paste HTML that contains entities. The decoder uses your browser's own HTML parser to convert both named entities (like &copy;) and numeric entities (like &#8364;) back to their original characters, without running any scripts. This makes it a safe way to unescape HTML you copied from a web page or an API response.

What does 'Encode all non-ASCII to numeric entities' do?

When checked, every character above code point 127 — accented letters, symbols, emoji, and other Unicode — is converted to a numeric entity in the form &#NNNN;. This guarantees the output is pure ASCII, which is useful for legacy systems, email templates, or files that must avoid non-ASCII bytes. Leave it unchecked to keep Unicode characters as-is and only escape the reserved HTML characters.

Why should I escape HTML characters?

Escaping reserved characters stops them from being interpreted as markup. If you output user input or code samples without escaping, a stray less-than sign can break your layout or open the door to cross-site scripting (XSS). Converting them to entities makes the browser show the literal characters instead. It is a core step whenever you place untrusted text into an HTML page.

Is my text sent to a server?

No. All encoding and decoding runs entirely in your browser with JavaScript, and decoding uses the browser’s built-in parser locally. Nothing you paste is uploaded, logged, or stored, so it is safe to convert private or sensitive content.