HTML Encode / Decode

Escape HTML special characters, or decode entities back.

Quick answer: Encode and decode HTML entities safely online. Convert brackets to < and > to prevent XSS attacks. Free browser-based developer tool.

processed locally — nothing leaves your browser

Convert HTML special characters to their safe entity equivalents (and back) so markup displays as text instead of being interpreted by the browser.

How it works

  1. Select whether to Encode (escape) or Decode HTML.
  2. Paste your raw text or HTML block into the editor.
  3. Copy the safely encoded entities for use in your web application.

Frequently asked questions

Why must I encode HTML?

Encoding is mandatory to display code snippets literally on a webpage and to prevent malicious Cross-Site Scripting (XSS) attacks.

Which specific characters get encoded?

The five reserved characters that have execution meaning in HTML: ampersand, less-than, greater-than, double quote, and single quote.

Is HTML encoding the exact same thing as sanitizing?

No. Encoding simply makes text mathematically safe to display. Sanitizing involves actively stripping dangerous script tags out of the content.

More in Developer Tools