Encode text to HTML entities or decode entities back to text. Escape <, >, &, quotes for safe display in HTML.
Paste any text containing < > & or quotes into the tool to get an HTML-safe version (with entities like < & "). Add |||decode to an entity-encoded string to reverse the conversion. Everything runs in the browser — no data is stored, and the tool handles full Unicode including Turkish and Arabic characters.
Discover 160+ free tools for web scraping, SEO analysis, OSINT, and more. 30 free uses every day — no signup required.
Paste any text containing < > & or quotes into the tool to get an HTML-safe version (with entities like < & "). Add |||decode to an entity-encoded string to reverse the conversion. Everything runs in the browser — no data is stored, and the tool handles full Unicode including Turkish and Arabic characters.
The HTML Entity Encoder and Decoder is a free online tool that instantly converts special characters like <, >, &, and quotes into their corresponding HTML entities (<, >, &, "), and decodes entity sequences back into readable text. It's an essential utility for anyone working with HTML, email templates, XML, or content management systems — especially when you're displaying user-generated content and need to prevent cross-site scripting (XSS) attacks.
Drop the raw content into the input box. It can be plain text you want to make HTML-safe, or HTML that already has entities you want to decode back to readable characters.
Leave the text as-is to encode it (default). To decode entities back to characters, append |||decode to the end of your input — the tool will auto-detect and reverse the conversion.
The result shows the encoded and decoded versions side by side, plus a reference table of every entity the tool replaced so you can learn what each one represents.
Click the copy button next to the encoded or decoded output. No signup, no history stored — close the tab and the data is gone.
Always encode user-supplied HTML on the server, not just in the browser — client-side escaping can be bypassed.
For email templates, encode both quotes and non-ASCII characters so legacy email clients don't mangle them.
If you see double-encoded output (like &amp;), decode twice to get back to the original text.
Any time you display untrusted or user-provided text inside an HTML page. Encoding prevents HTML injection and XSS attacks, and keeps your markup valid when user input contains <, >, or & characters.
They render the same character (&). & is the named entity; & is the numeric decimal entity; & is the hex form. All three are valid HTML and interchangeable — most developers prefer & for readability.
Yes. The tool preserves Unicode by default. It only replaces the five core HTML-reserved characters (< > & ' ") plus any non-printable ones. Turkish ş ğ ç ö ü, Arabic script, and emoji pass through untouched.
No. HTML entities (&) are for HTML context. URL encoding (%26) is for URLs. Use our URL Encoder/Decoder tool when you need to escape characters in query strings or paths.
No. All conversion happens at request time and nothing is logged or retained. Close the tab and the data is gone — safe for sensitive content.
You might also like
Extract the color palette from any website — hex codes, RGB values, frequency analysis, and color categorization.
Validate, format, and minify JSON data with syntax highlighting and error detection.
Test regular expressions against text with match highlighting, groups, and flags support.
Decode JSON Web Tokens to inspect header, payload, and expiration without verification.
Scrape WooCommerce stores via REST API or HTML fallback for product listings.
Extract HTML tables from any webpage and download as CSV/Excel.
Looking for something specific? Browse all 157 Krawly tools
