HTML entity encoder

How to use the HTML entity encoder

1. Paste text containing special characters (< > & " ', or high-unicode glyphs).
2. Pick encode direction: character → entity (&amp;) or entity → character.
3. Toggle named entities (&copy;) vs numeric (&#169;) — numeric is universal, named is more readable.
4. Copy the result.

When to use it

Encode user-generated content before injecting it into HTML to prevent XSS — though most modern frameworks (React, Vue, Svelte) escape by default. Use this tool for one-off manual escaping in static HTML, CMS content, email templates, or debugging. Alternative: your template engine's native escape function is faster and more reliable for programmatic code paths.

Frequently asked questions

Which characters absolutely must be encoded in HTML?

The five core: < > & " '. Anything else is optional or context-dependent. Mojibake unicode can also be entity-encoded for safety across legacy mail clients or old CMSes.

Named entities vs numeric — which is better?

Numeric entities work in every HTML/XML renderer ever made. Named entities (&nbsp;, &copy;) are easier to read but vary by XML vs HTML context. Pick numeric for email HTML, named for source code you'll hand-edit.

Does React automatically HTML-encode?

Yes — anything you interpolate with {value} is escaped. dangerouslySetInnerHTML bypasses that, which is the only place you need manual encoding.

Can I entity-encode emoji?

Yes — &#128512; is 😀. Most modern rendering does not require it; emoji render as-is from UTF-8 source. Encoding is only useful for legacy environments.

Related tools

• Free URL Encoder & Decoder
• Free Base64 Encoder/Decoder
• Free Text Case Converter
• Free Meta Tag Generator