HTML Entities Encode / Decode 🔒 Your data never leaves your browser.
Escape special characters for HTML, or turn & back into &.
About this tool
Five characters are dangerous in raw HTML: &, <, >, " and '. Left unescaped in user content, they break markup — or worse, open the door to XSS injection. Encoding turns them into entities like & that render as text instead of executing as markup.
This tool encodes and decodes instantly in both directions, with an option to also escape every non-ASCII character as a numeric entity for legacy systems. Everything runs client-side in your browser.