HTML Entity Encoder / Decoder
Escape special characters like &, <, and > into safe HTML entities, or decode named and numeric entities back into plain text — instantly and entirely in your browser.
Your text is processed entirely in your browser — nothing is uploaded or stored.
Understanding the HTML Entity Encoder / Decoder
The HTML Entity Encoder / Decoder converts special and non-ASCII characters into safe HTML entities and back again. Encoding escapes the five reserved characters (& < > " ') into named entities and turns every accented letter, symbol, or emoji into a numeric entity so it renders correctly inside HTML. Decoding reverses the process, restoring named, decimal, and hexadecimal entities to plain text. It is built for web developers, content editors, and anyone pasting code or copy into HTML who needs to avoid broken markup or injection. Everything runs locally in your browser — your text is never uploaded, logged, or stored.
How it works
For encoding, the tool first replaces every ampersand with & so existing characters aren't double-escaped, then swaps < > " and ' for their named entities (<, >, ", '). It next walks the string character by character using code points, and any character above 127 (accents, symbols, emoji, including astral-plane characters) becomes a numeric entity like é or 😀. For decoding, the input is parsed as an HTML document with the browser's built-in DOMParser and the resulting textContent is read back, which natively resolves named, decimal (©), and hexadecimal (©) entities in one pass.
Worked example
Type <p>Café © 2026</p> in Encode mode. The tool escapes the angle brackets and converts the non-ASCII characters, producing <p>Café © 2026</p> — safe to drop straight into an HTML file. Switch to Decode mode, paste that exact string back, and it returns the original <p>Café © 2026</p>. The é (code point 233) and © (code point 169) round-trip perfectly, and an emoji like 😀 would encode to 😀 and decode right back.
Tips & common mistakes
- Encode user-supplied or pasted text before inserting it into HTML to prevent broken layout and reduce cross-site scripting risk.
- Always process the ampersand (&) first when encoding, otherwise the & inside entities you add gets escaped again into &amp;.
- Both decimal (©) and hexadecimal (©) numeric forms decode to the same character — emoji are often written in hex like 😀.
- Single quotes have no universally supported named entity (' fails in older HTML), so this tool outputs the safe numeric ' instead.
- Encoding here targets HTML — it is not the same as URL percent-encoding (%20) or Base64; use the matching tool for those contexts.
- Whitespace, tabs, and line breaks are preserved as-is, so your formatting survives a full encode-then-decode round trip.
Related tools
Frequently Asked Questions
Does it decode numeric entities like ©?
Yes. The decoder handles named entities (&, ©), decimal numeric entities (©), and hexadecimal numeric entities (©) — all are converted back to their original characters.
Does it handle emoji and other Unicode?
Yes. When encoding, every non-ASCII character — including accented letters and emoji — is converted to a numeric entity such as 😀. Decoding turns those numbers back into the original characters.
Is my text private?
Yes. All encoding and decoding happen locally in your browser using JavaScript. Your text is never uploaded to a server or stored anywhere.