>_ HTML ENTITIES


Common HTML Entities Reference

Char | Entity | Numeric | Description

HTML Entity Encoder and Decoder: A Complete Guide

What Are HTML Entities?

HTML entities are special codes that represent characters which have reserved meaning in HTML or cannot be easily typed on a keyboard. The most important reserved characters are < and > (which define HTML tags), & (which starts entity references), and " (which delimits attribute values). When you want to display these characters as visible text rather than have the browser interpret them as HTML, you encode them as entities.

Entities come in two forms: named entities like &amp;, &lt;, and &copy; that use human-readable names, and numeric entities like &#38;, &#60;, and &#169; that use the character's Unicode code point. Named entities are easier to read in source code, but numeric entities can represent any Unicode character.

Why HTML Encoding Matters for Security

The primary reason to encode HTML entities is preventing XSS (Cross-Site Scripting) attacks. XSS is consistently ranked in the OWASP Top 10 web vulnerabilities. It works like this: if user input is inserted into a page without encoding, an attacker can submit <script>malicious code</script> and the browser will execute it as real JavaScript.

Proper HTML encoding converts those angle brackets to &lt; and &gt;, so the browser renders them as visible text instead of executing them. Every web framework provides an encoding function for this purpose, and most modern template engines (React JSX, Vue templates, Jinja2, Blade) encode output by default. However, any time you use "raw" or "unescaped" output, you are responsible for encoding user input yourself.

Common Use Cases

Displaying code samples: If you are writing a tutorial that shows HTML code, every < and > in the sample must be encoded, or the browser will try to render it as actual HTML.

Email templates: HTML emails are rendered by diverse email clients with varying standards support. Encoding special characters ensures consistent display across Gmail, Outlook, Apple Mail, and others.

CMS and user-generated content: Blog comments, forum posts, and profile bios must be encoded before display to prevent both XSS attacks and layout-breaking HTML from users who accidentally include angle brackets.

Special characters in content: Copyright symbols (©), trademark signs, currency symbols, mathematical operators, and arrows all have named HTML entities. Using entities ensures they render correctly regardless of the document's character encoding.

The "Encode All" Option

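By default, this tool encodes only the five characters that must be escaped in HTML: &, <, >, ", and '. The "Encode all characters" option converts every character to its numeric entity, which is useful when you need to obfuscate content (like email addresses to deter scrapers) or want nothing left unescaped when inserting text into unusual HTML contexts. Entity encoding protects HTML text and quoted attribute values only; it does not make input safe inside <script> blocks, event-handler attributes, or URL attributes such as href, which need encoding suited to that context.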
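
The five-character default and the "encode all" mode described above, together with the script-tag case from the security section, as an added JavaScript example. This is not the tool's own source: the function names are hypothetical and the sample input is constructed.

```javascript
// Added example: function names are hypothetical, inputs are constructed.
const FIVE = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
const NAMED = new Map([['amp', '&'], ['lt', '<'], ['gt', '>'], ['quot', '"'], ['apos', "'"]]);

// Default mode: escape only the five reserved characters.
// One regex pass, so the '&' of an emitted entity is never encoded twice.
function encodeMinimal(text) {
  return String(text).replace(/[&<>"']/g, (ch) => FIVE[ch]);
}

// "Encode all" mode: every code point becomes a decimal numeric entity.
// for...of iterates code points, so a character outside the BMP (an emoji)
// yields one entity instead of two invalid surrogate entities.
function encodeAll(text) {
  let out = '';
  for (const ch of String(text)) out += `&#${ch.codePointAt(0)};`;
  return out;
}

// Decoder for decimal, hex, and the five named entities above.
// Unknown names and invalid code points are left exactly as written.
function decodeEntities(text) {
  const pattern = /&(?:#(\d+)|#[xX]([0-9a-fA-F]+)|([a-zA-Z][a-zA-Z0-9]*));/g;
  return String(text).replace(pattern, (match, dec, hex, name) => {
    if (name !== undefined) return NAMED.has(name) ? NAMED.get(name) : match;
    const cp = dec !== undefined ? parseInt(dec, 10) : parseInt(hex, 16);
    const isSurrogate = cp >= 0xD800 && cp <= 0xDFFF;
    return cp > 0x10FFFF || isSurrogate ? match : String.fromCodePoint(cp);
  });
}

// Constructed sample: a comment field containing the payload from the text.
const comment = `Tom "T" O'Neil & Co <script>malicious code</script>`;
console.log(encodeMinimal(comment));
console.log(encodeAll('<a>'));
console.log(decodeEntities(encodeAll(comment)) === comment);
```

Input that already contains an entity, such as &lt;, comes out of encodeMinimal as &amp;lt;, so the visitor sees the literal text they typed and no markup is reintroduced.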

Named vs Numeric Entities

The reference table below lists common named entities. Named entities like &copy; are supported in all modern browsers and are easier to read in source code. Numeric entities (&#169;) work for any Unicode character, even those without a named equivalent. For maximum compatibility, especially in XML and XHTML, numeric entities are the safer choice.


Privacy

All encoding and decoding happens entirely in your browser. No data is sent to any server. Your HTML content never leaves your machine.