HTML Entity Encoder & Decoder

Type or paste text and get the HTML-entity-encoded version, or paste an entity-laden string and read it back as plain text. Three encoding strategies, one click to copy.

What are HTML entities?

HTML reserves five characters for its own syntax: < > & " '. To use them as literal text, you have to escape them as entities: <, >, &, ", '. Beyond the reserved set, every Unicode codepoint can be expressed numerically as &#NN; (decimal) or &#xNN; (hex), or by a named alias for common ones (©, —, €).

Modern browsers, modern frameworks (React, Vue, Svelte) and modern templating engines auto-escape values when rendering, so you rarely write HTML entities by hand. But you'll still encounter them in legacy XML, RSS feeds, email templates, RSS-to-blog migrations, and copy-paste from a Word doc into a CMS that didn't normalise quotes.

How to use this tool

Pick the mode: Encode (text → entities) or Decode (entities → text).
When encoding, choose a strategy: Minimal escapes only the five HTML-special characters; Named uses readable aliases like —; Numeric encodes any non-ASCII as &#NN;. Choose the right one for your context.
Paste your input on the left; the output appears on the right. Click Copy to grab it. Decoding uses the browser's native HTML parser so every standard entity is supported automatically.

Frequently asked questions

Which strategy should I use?

Minimal for text destined for HTML body content (the framework will handle the rest). Named for human-readable export (RSS, email templates) where you want © instead of ©. Numeric when transmitting through systems that may not handle non-ASCII safely (legacy SMTP gateways, ASCII-only logs).

Why does decoding 'just work' for entities I didn't expect?

Because we use the browser's HTML parser via a textarea trick. The parser knows the full HTML5 entity table, so things like &check; or &uharr; decode correctly without us shipping the table.

Is ' safe in HTML?

' is a valid HTML5 entity but was not in the original HTML 4 spec. Older browsers (IE6-7) didn't recognise it. Today every browser does, but if you're generating XML or older HTML, prefer ' for the apostrophe to stay maximally compatible.

What about emoji?

Emoji are valid Unicode codepoints, so the numeric strategy will encode '🎉' as '🎉'. They render fine in modern browsers either as raw UTF-8 or as the numeric entity. Choose based on whether your downstream system handles UTF-8 reliably.

Are my texts private?

Yes. Encoding and decoding happen entirely in your browser. Your text never reaches our servers, so the tool is safe even with confidential content.

Common use cases

Where HTML entity work crops up.

Pasting code into HTML documentation

Showing '<div>' as literal text in documentation requires escaping. Run your code snippet through the encoder before dropping it into a <pre><code> block.

Cleaning legacy CMS exports

Some CMSes export content with double-encoded entities ('&amp;'). Decode once to get '&', decode again to get '&'. The tool makes a one-click round-trip painless.

Email templates

Email clients vary in their UTF-8 handling. Encoding non-ASCII as numeric entities (€ → €) ensures consistent rendering across Outlook, Gmail and corporate webmail.

Reading RSS or Atom feeds

RSS items often contain HTML-encoded text. Paste a suspicious item's description into the decoder to see what the actual prose looks like.

Tips and shortcuts

Habits that prevent encoding bugs.

Don't double-encode

If you escape a value and your framework escapes it again on render, the output will show literal '&' instead of '&'. Most modern frameworks (React, Vue, Svelte) auto-escape, so just pass plain text.

Beware of attribute context

Inside HTML attributes, you must additionally escape ' and " and the framework you use may not. Use the Minimal encoding for attribute values to be safe.

Server-side render in UTF-8

If your server emits UTF-8 (the modern default), you don't need numeric entities for non-ASCII characters. Reserve numeric encoding for transports that may not be UTF-8 clean.

Use a sanitiser for user input

If you need to allow some HTML from users (a comments box, a markdown renderer), don't roll your own escaping — use DOMPurify or your framework's sanitiser. Naive escaping leaves XSS holes.