Skip to main content
K
KnowKit

Trying to display < or & symbols on a webpage but they keep disappearing?

HTML entities turn special characters into safe display text. Convert them here.

HTML Entity Encoder

Encode or decode HTML entities for safe web content

Understanding HTML Entities and Web Encoding

The HTML Entity Encoder converts special characters like ampersands, angle brackets, and quotes to their HTML entity equivalents. This is essential for safely displaying user-generated content, writing technical documentation, and preventing XSS vulnerabilities. The real-time preview updates as you type, making it easy to verify the encoded output.

Why HTML Entities Matter for Security

HTML entities are the first line of defense against Cross-Site Scripting (XSS) attacks. When user input contains characters like < or >, encoding them to &lt; and &gt; ensures the browser treats them as text, not as markup. This simple transformation prevents malicious scripts from executing in other users’ browsers.

Common Mistakes

  • Forgetting to encode the ampersand (&) itself — it's the most commonly missed entity in user-generated content
  • Relying on JavaScript's innerHTML without encoding, which leaves your page vulnerable to XSS attacks
  • Confusing HTML entities with URL encoding — they serve different purposes and use different syntax

Pro Tips

  • Always encode user input before inserting it into innerHTML or rendering it in templates
  • The five critical characters to encode are: &, <, >, ", and '
  • Modern frameworks like React and Vue auto-escape content, but you still need entities when working with dangerouslySetInnerHTML or v-html

Real-World Examples

Displaying code in a blog post

To show <div> as text in HTML, write &lt;div&gt; — otherwise the browser renders it as an invisible element

XSS prevention

Encoding user comments like <script>alert('xss')</script> to &lt;script&gt;... neutralizes the attack

XML/RSS feeds

Ampersands in text content must be encoded as &amp; to prevent malformed XML that parsers cannot process

Characters handled
&&amp;<&lt;>&gt;"&quot;'&#39;

Want to learn more?

Text Encoding Explained

Read Full Guide
On this page

About HTML Entity Encoding

What are HTML Entities?

HTML entities are special sequences of characters used to represent reserved characters in HTML that would otherwise be interpreted as part of the HTML markup. They always start with an ampersand (&) and end with a semicolon (;). For example, &lt; represents the less-than sign (<), and &gt; represents the greater-than sign (>).

HTML defines a large set of named entities for common characters, and also supports numeric entities using decimal (&#60;) or hexadecimal (&#x3C;) notation. The five characters that most commonly need entity encoding are the ampersand (&amp;), less-than (&lt;), greater-than (&gt;), double quote (&quot;), and single quote (&#39;).

HTML entities serve a critical role in web development by preventing browser interpretation conflicts and enabling the display of special characters. Without entity encoding, characters like < and > would be treated as HTML tags, and the browser would try to render them as markup instead of displaying them as text.

How to Use This Tool

Select the mode: "Encode" to convert special characters to their HTML entity equivalents, or "Decode" to convert HTML entities back to their original characters. Paste or type your text into the input area on the left, and the result appears instantly in the output area on the right.

The tool converts five characters in encode mode: & (ampersand), < (less than), > (greater than), " (double quote), and ' (single quote). In decode mode, it recognizes the named entities &amp;, &lt;, &gt;, &quot;, &#39;, and &apos;, converting them back to their original characters.

Click the "Copy" button to copy the output to your clipboard. The conversion happens in real time as you type, so you can see the result immediately without pressing any button.

Why Encode HTML Entities?

Preventing XSS Attacks

Cross-Site Scripting (XSS) is one of the most common web security vulnerabilities. It occurs when untrusted user input is rendered in an HTML page without proper encoding. An attacker can inject malicious scripts through form fields, URL parameters, or other input vectors. Encoding HTML entities neutralizes these attacks by ensuring that special characters are treated as text, not as markup.

Displaying Code Snippets

When writing technical documentation, tutorials, or blog posts that include code examples, you need to encode HTML entities so that the code is displayed as text rather than being rendered by the browser. For example, to display <div> in a blog post, you must write &lt;div&gt; in the HTML source.

Data Integrity in XML and RSS

XML and RSS feeds require special characters to be entity-encoded. The ampersand character, in particular, is used as the start of entity references in XML, so it must always be encoded as &amp; when it appears in text content. Failure to encode these characters results in malformed XML that parsers cannot process.

This utility is provided for informational purposes only. KnowKit is not responsible for any errors in the output.

Explore more about Data & Code

You might also like

Base64URL EncodingMarkdown to HTML

Frequently Asked Questions

Which characters need to be encoded in HTML?

The five characters that must always be encoded are: & (ampersand), < (less than), > (greater than), " (double quote), and ' (single quote). The first three are required because they have special meaning in HTML. Quotes should be encoded when they appear inside attribute values to prevent attribute injection.

What is the difference between &apos; and &#39;?

Both represent the single quote character. &apos; is the named entity defined in XML and HTML5. &#39; is the decimal numeric entity. They are functionally identical in modern browsers, though &apos; was not defined in HTML 4, which is why &#39; is sometimes used for broader compatibility.

Do I need to encode characters in JavaScript strings?

No. JavaScript strings use backslash escaping (like \n, \t, \") rather than HTML entities. HTML entity encoding is only needed when inserting text into HTML content. When building HTML strings in JavaScript, you should entity-encode any user-provided text before inserting it into innerHTML.

Does this tool handle numeric entities like &#169;?

This tool focuses on the five most commonly needed entities. It encodes and decodes &amp;, &lt;, &gt;, &quot;, &#39;, and &apos;. For a more comprehensive encoding converter that supports decimal and hexadecimal numeric entities, use our Encoding Converter tool.