Monu Tools

HTML 实体编码 / 解码

将文本编码为 HTML 实体,或将实体解码回文本,UTF-8 安全且在客户端运行。

如何使用 HTML 编码

  1. 01

    粘贴你的文本或 HTML。

  2. 02

    选择编码(转义 HTML 特殊字符)、全部编码(同时转义非 ASCII)或解码。

  3. 03

    复制结果。

What it does

An HTML entity encoder and decoder for escaping special characters so they display as text instead of being interpreted as markup. It converts characters like < and & into entities such as &lt; and &amp;, and decodes them back again.

Encoding and decoding are UTF-8 safe and run entirely in your browser, so nothing you paste is uploaded.

How encoding works

Encoding always escapes the five characters that have special meaning in HTML: & < > " and '. That is what stops a stray < from being read as the start of a tag, or text from accidentally breaking out of an attribute.

An Encode all option additionally turns every non-ASCII character into a numeric entity, which is useful for legacy systems, some email pipelines, or anywhere you need to be sure the output is pure ASCII.

What decoding understands

Decoding understands all three entity forms: named entities like &amp; and &copy;, decimal entities like &#233;, and hexadecimal entities like &#x20AC;. Sequences it does not recognize are left untouched rather than mangled.

Encoding and XSS

Escaping the HTML specials is the core defense against HTML injection and cross-site scripting (XSS): any untrusted text should be encoded before it is placed into a page, so it renders as harmless characters instead of active markup.

常见问题

编码和全部编码有何区别?

编码只转义 HTML 中必须转义的五个字符(& < > " ')。全部编码还会将每个非 ASCII 字符转换为数字实体,适用于旧系统或电子邮件。

它能解码哪些实体?

命名实体如 &amp; 和 &copy;,十进制实体如 &#233;,以及十六进制实体如 &#x20AC;。未知序列会保持不变。

它能防止 XSS 吗?

转义 HTML 特殊字符是防止注入标记的核心手段。在将不可信文本放入 HTML 之前,请始终进行编码。

来源

嵌入此工具

将此工具添加到你自己的网站。复制下方代码片段即可,它会自动保持最新。

<iframe src="https://monu.tools/embed/zh/html-encoder" width="100%" height="640" style="border:1px solid #e5e5e5;border-radius:12px;max-width:680px" loading="lazy" title="Monu Tools"></iframe>

相关工具