HTML Encoder & Decoder Online Free
HTML Encoder / Decoder is a free online tool that converts special characters to HTML entities (< > & " ') and back — instantly in your browser. It is useful for safely embedding user content in HTML pages, debugging entity-encoded markup, and preventing XSS vulnerabilities. Nothing is sent to a server.
How to Encode and Decode HTML Entities Online
- 01 Paste your content: Paste HTML, code, or any text containing special characters into the input area.
- 02 Choose Encode or Decode: Click Encode to convert < > & " ' to entities, or Decode to reverse the process. Enable "for attribute" for extra characters.
- 03 Copy the result: Click Copy to grab the output. Use Swap to move the output back to the input for chaining operations.
Features
- ✓ Encodes & < > " ' to HTML entities
- ✓ "Encode for attribute" mode (adds ` and =)
- ✓ Decodes all standard HTML entities
- ✓ Entity count shown in output
- ✓ Swap input and output with one click
- ✓ 100% client-side — no data sent to server
- ✓ Works offline once the page is loaded
- ✓ No login, no file upload, no sign-up
Frequently Asked Questions
What is HTML encoding?
HTML encoding converts characters that have special meaning in HTML — such as <, >, &, and " — into their entity equivalents (&lt; &gt; &amp; &quot;). This prevents browsers from interpreting them as HTML markup and is essential when displaying user-submitted content on a web page.
Why is HTML encoding important for security?
Failing to encode user input before rendering it in HTML is the root cause of Cross-Site Scripting (XSS) attacks. If a user submits <script>alert(1)</script> and it is inserted into the page without encoding, the script executes. Encoding it to &lt;script&gt; makes it display as literal text instead.
What does "Encode for attribute" do?
Attributes in HTML tags require additional characters to be encoded. The backtick (`) and equals sign (=) can be used in attribute injection attacks. The "Encode for attribute" option additionally encodes ` and = as character references, making the output safe to insert inside an HTML attribute value.
What entities does this tool encode and decode?
The tool handles the five core HTML entities: & (ampersand), < (less-than), > (greater-than), " (double quote), and ' (single quote / apostrophe). In attribute mode it also handles ` (backtick) and = (equals sign). The entity count is shown below the output.
Is my data sent to a server?
No. All encoding and decoding is done with plain JavaScript string replacement in your browser. Nothing is sent to any server. The tool works offline once the page has loaded.
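The string replacement described above, including the "Encode for attribute" mode and the entity count, can be sketched as follows. This is an added example, not the tool's own source: the function names and the numeric spellings chosen for ' ` and = are assumptions, and the decoder covers only the five named entities plus numeric references.

```javascript
// Added example. The numeric spellings chosen for ' ` = are assumptions.
const CORE = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
const ATTR_EXTRA = { '`': '&#96;', '=': '&#61;' };
const NAMED = new Map([['amp', '&'], ['lt', '<'], ['gt', '>'], ['quot', '"'], ['apos', "'"]]);

function encodeHtml(text, forAttribute = false) {
  const map = forAttribute ? { ...CORE, ...ATTR_EXTRA } : CORE;
  const pattern = forAttribute ? /[&<>"'`=]/g : /[&<>"']/g;
  let count = 0;
  // One pass over the input: every character is rewritten at most once, so
  // the "&" that starts a freshly written entity is never encoded again.
  const output = String(text).replace(pattern, (ch) => {
    count += 1;
    return map[ch];
  });
  return { output, count };
}

function decodeHtml(text) {
  let count = 0;
  // One pass over whole references: "&amp;lt;" becomes "&lt;", not "<".
  // Chained replaces that handle &amp; first would decode it twice.
  const ref = /&(?:#(\d+)|#[xX]([0-9a-fA-F]+)|([a-zA-Z]+));/g;
  const output = String(text).replace(ref, (match, dec, hex, name) => {
    let decoded;
    if (name !== undefined) {
      decoded = NAMED.get(name);
    } else {
      const codePoint = dec !== undefined ? parseInt(dec, 10) : parseInt(hex, 16);
      if (codePoint > 0 && codePoint <= 0x10ffff) decoded = String.fromCodePoint(codePoint);
    }
    if (decoded === undefined) return match; // unknown or out of range: leave as is
    count += 1;
    return decoded;
  });
  return { output, count };
}

// Constructed sample: the script payload quoted on this page.
const sample = encodeHtml('<script>alert(1)</script>');
console.log(sample.output, sample.count);
console.log(decodeHtml(sample.output).output);
```

Entity encoding protects HTML text and quoted attribute values. It does not make a value safe inside a script block, a URL attribute or an event handler, which need their own context-specific encoding.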