HTML Entity Encoder / Decoder

When writing web applications, you often need to display code snippets or user-generated content on a page. The problem is that web browsers interpret characters like < and > as the beginning and end of executable HTML tags or scripts.

The Danger of Raw HTML (XSS)

If a user submits a comment on your blog that looks like this: <script>alert('Hacked!');</script>, and you output that directly into your DOM without escaping it, the browser will literally execute their JavaScript code. This is known as Cross-Site Scripting (XSS).

How Encoding Solves It

HTML Entities are safe representations of reserved characters. By encoding (escaping) the input, dangerous characters are replaced with text strings that the browser displays visually, but refuses to execute.

< becomes <
> becomes >
" becomes "
' becomes '
& becomes &

Decoding (Unescaping)

Sometimes you need to do the reverse. If you've scraped data from a website or pulled it from an old database and it is full of " and &, the Decode function will turn it back into raw, usable code.

The Danger of Raw HTML (XSS)

How Encoding Solves It

Decoding (Unescaping)

Related Tools

Base64 Decoder

Base64 Encoder & Decoder

Color Converter

CSS Beautifier

CSV to JSON Converter

Dummy JSON Generator

HTML Minifier

HTML Tag Remover

JS Obfuscator

JSON Formatter

JSON to CSV Converter

JSON Toolkit

Markdown to HTML Converter

PX to REM Converter

Random Number Generator

Secure Hash Generator

URL Encoder / Decoder

UUID Generator

WordPress Theme Detector

XML Formatter