HTML Encoder / Decoder
Encode special characters to HTML entities and decode them back.
About this tool
HTML encoding converts special characters into HTML entity references—sequences that represent characters safely within web documents. Common characters like < (less-than), > (greater-than), & (ampersand), and " (quotation mark) have special meanings in HTML markup, so they must be encoded as &lt;, &gt;, &amp;, and &quot; to display correctly. Decoding reverses this process, transforming entities back into readable characters. This is essential for web developers, content creators, and anyone working with code snippets, API responses, or user input that might contain HTML-sensitive characters.
To use this tool, paste your text into the input field and choose whether to encode (convert special characters to entities) or decode (convert entities back to characters). The transformation happens instantly in your browser—no server upload required. You can encode raw HTML to protect it from being interpreted as markup, or decode entities to see the original text. The results appear immediately and can be copied directly to your clipboard, making batch processing simple for documentation, forum posts, email composition, or data preparation tasks.
Code Implementation
```python
import html

# Encode: replace <, >, &, ", ' with HTML entities
raw = "<script>alert('XSS')</script> & <b>bold</b>"
encoded = html.escape(raw)
print(encoded)
# &lt;script&gt;alert(&#x27;XSS&#x27;)&lt;/script&gt; &amp; &lt;b&gt;bold&lt;/b&gt;

# quote=True is the default: " and ' are escaped as well, which is what makes
# the result usable inside a quoted HTML attribute. quote=False leaves them as-is.
encoded_all = html.escape(raw, quote=True)
print(encoded_all)
# &lt;script&gt;alert(&#x27;XSS&#x27;)&lt;/script&gt; &amp; &lt;b&gt;bold&lt;/b&gt;

# Decode: convert HTML entities back to plain text
decoded = html.unescape(encoded)
print(decoded)
# <script>alert('XSS')</script> & <b>bold</b>

# Safe injection into a template (element content)
user_input = "<img src=x onerror=alert(1)>"
safe_html = f"<p>{html.escape(user_input)}</p>"
# <p>&lt;img src=x onerror=alert(1)&gt;</p>
```
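An added example, not part of the original page: it checks the escaping shown above by parsing the rendered markup with the standard library's `html.parser` and confirming that the input survives only as text or as a single attribute value. The names `TagCollector`, `parse`, `render_text` and `render_attr`, and the `ATTR_INPUT` sample, are constructed for illustration.

```python
import html
from html.parser import HTMLParser


class TagCollector(HTMLParser):
    """Records every start tag (with its attributes) and all text the parser sees."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.tags, self.text = [], []

    def handle_starttag(self, tag, attrs):
        self.tags.append((tag, dict(attrs)))

    def handle_data(self, data):
        self.text.append(data)


def parse(markup):
    """Return (start tags, concatenated text) as an HTML parser reads the markup."""
    collector = TagCollector()
    collector.feed(markup)
    collector.close()
    return collector.tags, "".join(collector.text)


def render_text(user_input):
    # Element content: escaping <, > and & keeps the input a text node.
    return f"<p>{html.escape(user_input)}</p>"


def render_attr(user_input, quote=True):
    # Quoted attribute value: the quote characters must be escaped as well.
    return f'<input value="{html.escape(user_input, quote=quote)}">'


MARKUP_INPUT = "<img src=x onerror=alert(1)>"  # input used in the page's own snippet
ATTR_INPUT = 'x" data-injected="1'             # constructed: tries to close the attribute

if __name__ == "__main__":
    print(parse(render_text(MARKUP_INPUT)))             # one <p>, input is plain text
    print(parse(render_attr(ATTR_INPUT)))               # one attribute: value
    print(parse(render_attr(ATTR_INPUT, quote=False)))  # extra data-injected attribute
```

With `quote=False` the parser reports a second attribute that came from the input, so the default quote escaping has to stay on whenever the value lands inside an attribute.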