Convert HTML special characters to their safe entity equivalents (and back) so markup displays as text instead of being interpreted by the browser.
How it works
- Select whether to Encode (escape) or Decode HTML.
- Paste your raw text or HTML block into the editor.
- Copy the safely encoded entities for use in your web application.
Frequently asked questions
Why must I encode HTML?
Encoding is mandatory to display code snippets literally on a webpage, and it prevents Cross-Site Scripting (XSS) attacks by making the browser treat the text as text rather than as markup.
Which specific characters get encoded?
The five reserved characters that have special meaning in HTML markup: ampersand (&), less-than (<), greater-than (>), double quote ("), and single quote (').
Is HTML encoding the exact same thing as sanitizing?
No. Encoding simply makes text safe to display: the content is kept in full, but the browser shows it as literal characters. Sanitizing involves actively stripping dangerous script tags out of the content.
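An added example (not this tool's own code) of encoding and decoding the five reserved characters listed above, showing why both directions should run in a single pass. The function names and the sample string are constructed for illustration.

```javascript
// Added example: covers only the five reserved characters named on this page.
const ENCODE = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
const DECODE = {
  '&amp;': '&', '&lt;': '<', '&gt;': '>', '&quot;': '"',
  '&#39;': "'", '&#x27;': "'", '&apos;': "'", // three common spellings of the single quote
};

// Encode in one pass: every character is looked at once, so the "&" of an
// entity that was just produced is never escaped a second time.
function encodeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => ENCODE[ch]);
}

// Decode in one pass for the same reason: "&amp;lt;" must come back as the
// literal text "&lt;", not as "<".
function decodeHtml(text) {
  return String(text).replace(/&(?:amp|lt|gt|quot|apos|#39|#x27);/g, (ent) => DECODE[ent]);
}

// Counter-example: chained replaces that handle "&amp;" first decode twice,
// turning text that was meant to stay inert back into markup.
function decodeHtmlChained(text) {
  return String(text)
    .replace(/&amp;/g, '&')
    .replace(/&lt;/g, '<')
    .replace(/&gt;/g, '>')
    .replace(/&quot;/g, '"')
    .replace(/&#39;/g, "'");
}

// Constructed sample input containing all five reserved characters.
const SAMPLE = `<a title="Tom & Jerry's">hi</a>`;

console.log(encodeHtml(SAMPLE));
console.log(decodeHtml('&amp;lt;b&amp;gt;'));        // stays entity text
console.log(decodeHtmlChained('&amp;lt;b&amp;gt;')); // becomes a tag
```

The encoded output is meant for HTML text and quoted attribute values; it escapes the input and does not sanitize it.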