Free HTML Entity Encoder and Decoder
Encode reserved and non-ASCII characters into safe HTML entities, or decode named, decimal, and hexadecimal entities back into the original text. Everything runs locally in your browser, so nothing you paste ever leaves your device.
Quick answer
To encode, paste your text and the tool replaces the reserved characters & < > " ' with their named entities (and optionally every non-ASCII character with a numeric entity like é). To decode, paste HTML containing entities and the tool looks each one up in a named-entity table or parses numeric &#NN; and hexadecimal &#xNN; forms to rebuild the plain text. Choose the Encode or Decode mode and the result updates live as you type.
Formula & method
Encode reserved characters
& -> & , < -> < , > -> > , " -> " , ' -> '
- & — named entity for the ampersand
- < — named entity for less-than
- > — named entity for greater-than
- " — named entity for the double-quote
- ' — numeric entity for the apostrophe
These five characters are always escaped first because they are HTML-significant.
Encode non-ASCII (optional)
any character with code point > 127 -> &#<code point>;
- code point — the decimal Unicode value of the character, e.g. e-acute = 233
Produces an ASCII-only output. Example: e-acute -> é
Decode any reference
named: &name; -> table[name] ; decimal: &#N; -> char(N) ; hex: &#xH; -> char(parseInt(H,16))
- N — decimal Unicode code point inside &#...;
- H — hexadecimal Unicode code point inside &#x...;
- name — named-entity key such as amp, lt, gt, copy, euro
HTML reserves a handful of characters that change meaning inside markup: the ampersand (&), less-than (<), greater-than (>), double-quote ("), and apostrophe ('). When you want these characters to display literally instead of being parsed as tags or attribute boundaries, you replace them with character references called entities. In Encode mode this tool walks the input one Unicode code point at a time, swapping each reserved character for its named entity (& becomes &, < becomes <, > becomes >, " becomes ", ' becomes '). When the optional "encode all non-ASCII" setting is on, any character above code point 127 (accented letters, dashes, currency symbols, emoji) is also converted to a numeric decimal entity of the form &#N; so the output is pure ASCII and safe to embed anywhere regardless of page encoding. In Decode mode the tool scans for character references with a single pass: named references (like © or <) are resolved through a built-in lookup table, decimal references (€) are parsed as base-10 code points, and hexadecimal references (€ or €) are parsed as base-16, then rebuilt with String.fromCodePoint. Unknown or malformed references are left untouched so no data is silently lost. All processing is synchronous JavaScript that runs entirely in your browser.
Examples
- Input
- <script>alert("Hi & bye")</script>
- Result
- <script>alert("Hi & bye")</script>
- Why
- In Encode mode each reserved character is swapped: < and > become < and >, the double-quotes become ", and the bare & becomes &, so the snippet displays as literal text instead of running as a script.
- Input
- Tom & Jerry <3
- Result
- Tom & Jerry <3
- Why
- In Decode mode & is looked up to & and < is looked up to <, rebuilding the original text 'Tom & Jerry <3'.
- Input
- Café — €5
- Result
- Café — €5
- Why
- With 'encode all non-ASCII' on, e-acute (code point 233) becomes é, the em dash (8212) becomes —, and the euro sign (8364) becomes €, leaving an ASCII-only string.
- Input
- <b>hi</b>
- Result
- <b>hi</b>
- Why
- Each < is parsed as hex 3C = 60 = '<' and > as hex 3E = 62 = '>', so the references rebuild the bold tags around 'hi'.
When to use this tool
- Displaying code samples, math like a < b, or raw HTML on a web page so the browser shows the characters instead of interpreting them as markup.
- Sanitizing user-supplied strings before inserting them into HTML to avoid breaking tags or attributes.
- Reading exported data, RSS feeds, or scraped content that contains & € or € and turning it back into readable plain text.
Common mistakes
- Forgetting to encode the ampersand first. If you encode < to < but leave a literal & in 'Tom & Jerry', the result can be mis-parsed; the & must always become &.
- Assuming ' works everywhere. The named apostrophe entity is not defined in HTML4, so this tool emits the safer numeric ' for the single quote.
- Double-encoding text that is already encoded. Running encode twice turns & into &amp;; decode once back to plain text before re-encoding.
Frequently asked questions
What is an HTML entity?
An HTML entity (character reference) is a code that represents a character that is reserved or hard to type directly. It starts with an ampersand and ends with a semicolon, for example & for &, < for <, or numeric forms like é and €. The browser renders the entity as the character it stands for.
Which characters must I encode in HTML?
At minimum the five HTML-significant characters: & (&), < (<), > (>), " ("), and ' ('). The ampersand and angle brackets matter in element text, while the quotes matter inside attribute values. Encoding all non-ASCII characters is optional but makes the output safe regardless of the page's character encoding.
What is the difference between named and numeric entities?
Named entities use a memorable label, like © or €, and only exist for a defined set of characters. Numeric entities reference a character by its Unicode code point in decimal (€) or hexadecimal (€) and work for any character. This decoder understands all three forms; the encoder emits named entities for the five reserved characters and decimal numeric entities for non-ASCII.
Does decoding handle hexadecimal entities like €?
Yes. The decoder recognizes named references through a lookup table, decimal references such as €, and hexadecimal references such as € or € (the x is case-insensitive). Each is converted to the matching Unicode character with String.fromCodePoint.
Why does my apostrophe become ' instead of '?
' is valid in XHTML and HTML5 but was never part of HTML4, so some older parsers do not recognize it. To stay maximally compatible this tool encodes the single quote as the numeric ', which every browser decodes correctly.
Is my text uploaded anywhere when I encode or decode?
No. All encoding and decoding happens entirely in your browser with plain JavaScript. Nothing you paste is sent to a server, logged, or stored, so it is safe to use with private or internal content.
What happens to an entity the decoder does not recognize?
Unknown or malformed references are left exactly as they are rather than being deleted. For example a stray &fakeentity; or a malformed &#; is passed through unchanged, so you never lose data and can spot the problem in the output.
Sources & references
- MDN Web Docs - HTML character references
- WHATWG HTML Standard - Named character references
- MDN - String.fromCodePoint()
External references open in a new tab. We are independent and not affiliated with these organizations.
- ✓ Free to use
- ✓ No sign-up required
- ✓ Runs entirely in your browser — nothing is uploaded.
- ✓ Formula and method shown above
Provided “as is” for general information only — results may be inaccurate, so verify before you rely on them. No warranty; use at your own risk.
Built and reviewed by HIFreeTools against the formula shown above and any authoritative references cited on this page. See our methodology and editorial standards.
Related tools
- URL Encoder & DecoderDeveloper
- Base64 Encoder & DecoderDeveloper
- Find and Replace TextText
- JSON Formatter & ValidatorDeveloper
- Text Case ConverterText
- Text ReverserText
Embed this tool on your site
Free to embed, no sign-up. Paste this code where you want the html entity encoder and decoder to appear: