HTML Entities Encode / Decode 🔒 Your data never leaves your browser.

Escape special characters for HTML, or turn & back into &.

About this tool

Five characters are dangerous in raw HTML: &, <, >, " and '. Left unescaped in user content, they break markup — or worse, open the door to XSS injection. Encoding turns them into entities like &amp; that render as text instead of executing as markup.

This tool encodes and decodes instantly in both directions, with an option to also escape every non-ASCII character as a numeric entity for legacy systems. Everything runs client-side in your browser.