Monu Tools

HTML Entity Encoder / Decoder

Encode text to HTML entities or decode entities back to text, UTF-8 safe and client-side.

How to use the HTML Encoder

  1. 01

    Paste your text or HTML.

  2. 02

    Choose Encode (escape the HTML specials), Encode all (also escape non-ASCII) or Decode.

  3. 03

    Copy the result.

What it does

An HTML entity encoder and decoder for escaping special characters so they display as text instead of being interpreted as markup. It converts characters like < and & into entities such as &lt; and &amp;, and decodes them back again.

Encoding and decoding are UTF-8 safe and run entirely in your browser, so nothing you paste is uploaded.

How encoding works

Encoding always escapes the five characters that have special meaning in HTML: & < > " and '. That is what stops a stray < from being read as the start of a tag, or text from accidentally breaking out of an attribute.

An Encode all option additionally turns every non-ASCII character into a numeric entity, which is useful for legacy systems, some email pipelines, or anywhere you need to be sure the output is pure ASCII.

What decoding understands

Decoding understands all three entity forms: named entities like &amp; and &copy;, decimal entities like &#233;, and hexadecimal entities like &#x20AC;. Sequences it does not recognize are left untouched rather than mangled.

Encoding and XSS

Escaping the HTML specials is the core defense against HTML injection and cross-site scripting (XSS): any untrusted text should be encoded before it is placed into a page, so it renders as harmless characters instead of active markup.

Frequently asked questions

What is the difference between Encode and Encode all?

Encode escapes only the five characters that must be escaped in HTML (& < > " '). Encode all additionally turns every non-ASCII character into a numeric entity, useful for legacy systems or email.

Which entities can it decode?

Named entities like &amp; and &copy;, decimal entities like &#233;, and hexadecimal entities like &#x20AC;. Unknown sequences are left unchanged.

Does it prevent XSS?

Encoding the HTML specials is the core defense against injecting markup. Always encode untrusted text before placing it in HTML.

What is an HTML entity?

An entity is a code that represents a character, such as &lt; for < or &amp; for &. It lets you show characters that would otherwise be read as markup, or characters not easily typed.

When do I need to encode text?

Whenever you put text you do not fully control into a web page: user comments, names, search terms or imported data. Encoding keeps it from being treated as HTML.

Is my text uploaded?

No. Encoding and decoding run entirely in your browser, so the text you paste never leaves your device.

Sources

Embed this tool

Add this tool to your own website. Copy the snippet below; it stays up to date automatically.

<iframe src="https://monu.tools/embed/en/html-encoder" width="100%" height="640" style="border:1px solid #e5e5e5;border-radius:12px;max-width:680px" loading="lazy" title="Monu Tools"></iframe>

Learn more

Related tools