ToolWren › HTML Entities

HTML Entity Encoder & Decoder

Escape characters like <, > and & into HTML entities so they display literally, or unescape entities back to plain text.

100% client-side · nothing is uploaded

Loading tool…

How to use the HTML Entities

Choose the mode you need with the Encode / Decode toggle at the top of the tool.
Type or paste your text into the Input box — the result appears instantly as you type.
Use Swap (⇅) to move the output back into the input and flip the mode, which is handy for round-trips.
Click Copy to copy the result, or Clear to start over.

Privacy: this tool runs entirely in your browser. Your input is never sent to, received by, or stored on any server — there are no uploads and no tracking of what you enter.

About HTML Entities

What are HTML entities?

HTML entities are codes that represent characters with special meaning in HTML. For instance < renders as <, and & renders as &. They let you show those characters without the browser interpreting them as markup.

Escaping for safety

Escaping user-supplied text before inserting it into a page is a core defense against cross-site scripting (XSS). Converting <, >, &, " and ' to entities prevents the browser from running injected tags or scripts.

Unescaping

Decoding turns entities (named like © or numeric like ©) back into the characters they represent — handy when reading scraped or stored HTML.

Frequently asked questions

Which characters does the encoder escape?

The five HTML-significant characters: &, <, >, " and '.

Yes. The decoder uses the browser's own parser, so named, decimal and hex entities all resolve correctly.

Is escaping enough to prevent XSS?

Context-correct escaping helps a lot, but a full defense also considers attribute, URL and script contexts. Use a vetted templating/sanitizer library for untrusted input.