About HTML Entities Encode / Decode
Comprehensive Overview
The HTML Entities Encoder / Decoder converts characters like <, >, &, and quotes to their HTML entity equivalents (&lt;, &gt;, &amp;) and vice versa. This is essential for safely embedding user content in HTML pages, preventing XSS (cross-site scripting) vulnerabilities, and displaying code snippets in web pages.
Key Features
- Two Encoding Modes — HTML special characters only (encodes < > & " ') or all non-ASCII characters (converts every character to its numeric entity, like &#65;).
- Bidirectional — Encode text to HTML entities or decode HTML entities back to readable characters.
- XSS Prevention — Encoding user input prevents browsers from interpreting text as HTML markup, blocking common XSS attack vectors.
- Code Display — Encode HTML code so it displays as visible text on a web page instead of being rendered as markup.
How to Use
- Select the action: Encode to convert characters to entities, or Decode to convert entities back to characters.
- Choose the encoding mode: HTML special chars for standard encoding, or All non-ASCII for full entity conversion.
- Paste or type your text and click Process.
- Copy the result to use in your HTML code.
Common HTML Entities
- < → &lt; (less-than sign)
- > → &gt; (greater-than sign)
- & → &amp; (ampersand)
- " → &quot; (double quote)
- ' → &#39; (apostrophe)
- &nbsp; → non-breaking space
- &copy; → © (copyright)
Technical Background
HTML entities were introduced in the HTML specification to represent characters that have special meaning in HTML markup. Named entities (like &amp;) and numeric entities (like &#38; or &#x26;) are supported by all browsers. In PHP, htmlspecialchars() encodes the five basic special characters, while htmlentities() converts all applicable characters. The ENT_QUOTES flag ensures both single and double quotes are encoded.
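
The two encoding modes and the decode direction described on this page, as an added JavaScript example (not the tool's own code and not the PHP functions named above). The function names are hypothetical, the sample input is constructed, and the decoder recognises only the named entities listed on this page plus numeric references.

```javascript
// Added example: names below are hypothetical, not the tool's own code.
const SPECIAL = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
// Named entities the decoder understands (the ones listed on this page).
const NAMED = { amp: '&', lt: '<', gt: '>', quot: '"', apos: "'", nbsp: '\u00A0', copy: '\u00A9' };

// Mode 1: encode only the five characters that are significant in HTML.
function encodeSpecial(text) {
  return String(text).replace(/[&<>"']/g, (ch) => SPECIAL[ch]);
}

// Mode 2: mode 1 plus a decimal numeric entity for every non-ASCII code point.
// The `u` flag makes the regex match whole code points, so characters outside
// the BMP (surrogate pairs) become one entity instead of two broken halves.
function encodeAllNonAscii(text) {
  return encodeSpecial(text).replace(/[^\x00-\x7F]/gu, (ch) => `&#${ch.codePointAt(0)};`);
}

// Decode named, decimal and hex entities in a single pass. One pass matters:
// "&amp;lt;" must come back as the text "&lt;", not as "<".
function decodeEntities(text) {
  return String(text).replace(/&(#[xX][0-9a-fA-F]+|#[0-9]+|[A-Za-z][A-Za-z0-9]*);/g, (whole, body) => {
    if (body[0] !== '#') {
      return Object.prototype.hasOwnProperty.call(NAMED, body) ? NAMED[body] : whole;
    }
    const hex = body[1] === 'x' || body[1] === 'X';
    const code = parseInt(body.slice(hex ? 2 : 1), hex ? 16 : 10);
    // Leave out-of-range, surrogate and NUL references untouched.
    const valid = code > 0 && code <= 0x10FFFF && !(code >= 0xD800 && code <= 0xDFFF);
    return valid ? String.fromCodePoint(code) : whole;
  });
}

// Constructed sample input: a comment field carrying markup and non-ASCII text.
const sample = `<img src=x onerror="alert('hi')"> café 😀`;
console.log(encodeSpecial(sample));
console.log(encodeAllNonAscii(sample));
console.log(decodeEntities(encodeAllNonAscii(sample)) === sample);
```

Entity encoding of this kind is the right escape for HTML text and quoted attribute values; values placed inside script blocks, URLs or CSS need the escaping rules of those contexts.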