HTML Entity Encoder & Decoder
Encode special characters to HTML entities, decode them back, or unescape JavaScript string literals. Includes a searchable reference table of 150+ named HTML entities.
HTML Entity Encoder and Decoder
Rate this tool
Three modes, three output formats, and 150+ searchable entities
Most HTML entity encoders offer a single encode function with no reference table and no format choice. This tool provides three distinct modes — Encode, Decode and JS Unescape — with three output formats (named, decimal, hex) and a searchable reference table of 150+ named HTML entities you can click to copy directly.
How to encode and decode HTML entities
LazyTools vs other HTML entity encoders
| Feature | ⭐ LazyTools | htmlentities.org | codebeautify.org | onlinestringtools.com |
|---|---|---|---|---|
| Encode HTML entities | ✔ | ✔ | ✔ | ✔ |
| Decode HTML entities | ✔ | ✔ | ✔ | ✔ |
| JS string unescape | ✔ | ✘ | Partial | ✘ |
| Named / decimal / hex output | All 3 | Named only | 2 formats | Named only |
| Minimal vs all-non-ASCII scope | ✔ | ✘ | ✘ | ✘ |
| Searchable entity reference table | 150+ entities | ✘ | ✘ | ✘ |
| No ads | ✔ | ⚠ Ads | ⚠ Ads | ⚠ Ads |
| No login required | ✔ | ✔ | ✔ | ✔ |
The five critical HTML characters
These five characters must always be encoded in HTML content. Failing to encode them causes broken markup, rendering errors or XSS vulnerabilities.
| Char | Name | Named entity | Decimal | Hex | Why encode? |
|---|---|---|---|---|---|
| & | Ampersand | & | & | & | Starts all entity references. Raw & in text breaks entity parsing. |
| < | Less-than | < | < | < | Opens HTML tags. Raw < in text is interpreted as a tag start. |
| > | Greater-than | > | > | > | Closes HTML tags. Less critical but required for valid markup. |
| " | Double quote | " | " | " | Terminates double-quoted attribute values. Must encode inside attributes. |
| ' | Single quote | ' / ' | ' | ' | Terminates single-quoted attribute values. Must encode inside attributes. |
HTML Entity Encoder and Decoder — Complete Guide
HTML entities are a way to represent characters in HTML that either have special meaning in the markup language or cannot be typed directly in ASCII. An entity consists of an ampersand, a name or number, and a semicolon: & represents the ampersand character itself, < represents the less-than sign, and © represents the copyright symbol. Understanding when and how to encode HTML entities is fundamental to writing secure, valid web pages.
HTML entity encoder decoder online free
An online HTML entity encoder converts plain text containing special characters into their HTML entity equivalents. The five characters that must always be encoded in HTML body content are the ampersand (&), less-than sign (<), greater-than sign (>), double quote ("), and single quote ('). In attribute values, the quote characters are especially important because they terminate the attribute string. Failing to encode these characters can produce broken markup, unexpected rendering or, in dynamic web applications, cross-site scripting (XSS) vulnerabilities where user input containing <script> tags is interpreted as HTML.
Escape special characters HTML online
When user-generated content is inserted into an HTML page without encoding, an attacker can inject script tags or event handler attributes. The minimal safe encoding strategy is to encode all five critical characters before placing any string into HTML content or attributes. For maximum safety in multilingual content — particularly when the page encoding may be uncertain — all characters above U+007F (non-ASCII) can also be encoded as numeric references. This is the All non-ASCII mode in this encoder, which produces output that is safe in any character encoding environment.
HTML entities reference table with encoder
Named HTML entities cover a wide range of characters beyond the five critical ones. Common ones include: © (copyright symbol ©), ® (registered trademark ®), ™ (trademark ™), € (euro sign €), £ (pound sign £), ¥ (yen sign ¥), — (em dash —), – (en dash –), (non-breaking space), « and » (French quotation marks « »). The Entity Reference tab in this tool provides a searchable grid of 150+ named entities you can copy in any format.
HTML unescape online free
HTML decoding (unescaping) converts encoded entities back to their original characters. This is necessary when reading HTML source code that contains encoded content, when processing HTML stored in a database or CMS, or when working with content from an API that returns HTML-encoded strings. The decoder handles all three entity formats: named entities (& → &), decimal numeric references (& → &), and hexadecimal references (& → &). Malformed entities (missing semicolons or unknown names) are passed through unchanged.
JavaScript string escape tool
JavaScript string literals use backslash escape sequences rather than HTML entities. The most common are \n (newline character, U+000A), \t (horizontal tab, U+0009), \r (carriage return, U+000D), \\ (literal backslash), \' (single quote), \" (double quote), and \uXXXX (Unicode escape for any character by its four-hex-digit code point). The JS Unescape mode in this tool converts these escape sequences to their actual characters. This is useful when dealing with JSON strings that have been serialised with escape sequences, log files, database content or API responses that contain JavaScript-encoded text.
XML entity encoder
XML uses the same five critical entity references as HTML: &, <, >, " and '. Unlike HTML, XML does not have named entities beyond these five — all other characters must be represented as numeric references (© for copyright, etc.) or as actual Unicode characters in a UTF-8 encoded document. The Minimal encoding mode in this encoder produces output valid for both HTML and XML. When targeting XML specifically, use the Named format option and ensure your XML document declares UTF-8 encoding in the XML declaration.