Free HTML Entity Encoder & Decoder - Escape HTML Online (2026)
Encode special characters like <, >, &, and " into safe HTML entities - or decode entities back to plain text. Free, private, runs entirely in your browser.
Encode & decode in one view - named, hex & decimal entities - all free, all instant.
Essential for HTML emails, CMS content, template engines, and safe HTML output.
Quick Reference
Common HTML Entities
| Entity Name | Character | Hex | Decimal | Description |
|---|---|---|---|---|
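| `&amp;` | & | `&#x26;` | `&#38;` | Ampersand |
| `&lt;` | < | `&#x3C;` | `&#60;` | Less-than sign |
| `&gt;` | > | `&#x3E;` | `&#62;` | Greater-than sign |
| `&quot;` | " | `&#x22;` | `&#34;` | Double quotation mark |
| `&apos;` | ' | `&#x27;` | `&#39;` | Single quotation mark |
| `&nbsp;` |   | `&#xA0;` | `&#160;` | Non-breaking space |
| `&copy;` | © | `&#xA9;` | `&#169;` | Copyright sign |
| `&reg;` | ® | `&#xAE;` | `&#174;` | Registered trademark |
| `&trade;` | ™ | `&#x2122;` | `&#8482;` | Trademark symbol |
| `&euro;` | € | `&#x20AC;` | `&#8364;` | Euro sign |
| `&pound;` | £ | `&#xA3;` | `&#163;` | Pound sign |
| `&mdash;` | — | `&#x2014;` | `&#8212;` | Em dash |
| `&ndash;` | – | `&#x2013;` | `&#8211;` | En dash |
| `&hellip;` | … | `&#x2026;` | `&#8230;` | Horizontal ellipsis |
| `&laquo;` / `&raquo;` | « / » | `&#xAB;` / `&#xBB;` | `&#171;` / `&#187;` | Left/right angle quotes |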
Last updated: June 5 2026
Reviewed by the QuickTooly Team
HTML Entities Guide
What Are HTML Entities and Why Do They Matter?
HTML entities are special sequences that represent characters which would otherwise be misinterpreted by a browser as HTML markup. For example, if you want to display a literal `<` character on a web page, you must write it as `&lt;` - otherwise the browser treats it as the start of an HTML tag.
- Security (XSS prevention): Encoding user-supplied input before inserting it into HTML stops cross-site scripting attacks. A malicious `<script>` tag becomes the harmless string `&lt;script&gt;`.
- HTML email compatibility: Email clients are notoriously strict. Encoding special characters ensures symbols like &, <, and > display correctly across Gmail, Outlook, Apple Mail, and webmail clients.
- CMS and template engines: When pasting HTML snippets into a CMS rich-text field or a template string, entities prevent the content from being interpreted as live markup.
- Special symbols: Characters like ©, ™, €, and — that aren't on a standard keyboard can be reliably inserted using named entities such as `&copy;`, `&trade;`, `&euro;`, and `&mdash;`.
- 100% private: All encoding and decoding runs in your browser. Your text is never sent to any server.
- Completely free: No account required, no usage limits, no paywalls.
How to Encode or Decode HTML Entities - 3 Steps
- Choose a mode - select Encode to escape special characters into entities, or Decode to convert entities back to their original characters.
- Paste your text into the input area above - HTML snippets, template strings, email copy, or any text containing special characters.
- Click Convert, then copy - the result appears instantly. Use the Copy button to grab it to your clipboard.
Encode vs. Decode - When to Use Each
| Mode | Input | Output | Use Case |
|---|---|---|---|
| Encode | `<p>Hello</p>` | `&lt;p&gt;Hello&lt;/p&gt;` | Safely display HTML code in a web page |
| Decode | `&copy; 2026 &mdash; All rights reserved` | © 2026 — All rights reserved | Read entity-encoded content as plain text |
Best Practices for HTML Entities
- Always encode user input before rendering: Any content that comes from a user - form fields, URL parameters, database records - must be HTML-encoded before being inserted into a page. Skipping this step is the root cause of most XSS vulnerabilities.
- Use UTF-8 and prefer named entities for readability: If your page declares `charset="UTF-8"` (which it should), you can write most Unicode characters directly. Reserve named entities like `&amp;` and `&lt;` for the five characters that must always be escaped in HTML.
- The five mandatory HTML escape characters: `&` → `&amp;`, `<` → `&lt;`, `>` → `&gt;`, `"` → `&quot;` (inside attribute values), and `'` → `&#39;` (inside single-quoted attributes).
- HTML emails require strict encoding: Outlook and many webmail clients parse HTML loosely. Encode every special character in email templates - especially ampersands in URLs and query strings - to prevent rendering errors across clients.
- Don't double-encode: Encoding already-encoded content produces strings like `&amp;amp;`. Decode first if you're unsure whether the input is already encoded.
Frequently Asked Questions
What is HTML entity encoding?
HTML entity encoding converts characters that have special meaning in HTML - like <, >, and & - into safe escape sequences that browsers display as literal characters rather than interpreting as markup. For example, `<` becomes `&lt;`.
What is the difference between named, decimal, and hex entities?
All three refer to the same character, just in different notation. For the copyright symbol ©: Named - `&copy;` (human-readable, most browsers support it); Decimal - `&#169;` (Unicode code point in base 10); Hex - `&#xA9;` (same code point in hexadecimal). Named entities are easiest to read; decimal and hex work for any Unicode character including those without a named alias.
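The three notations above and the double-encoding warning from the best-practices list can be checked with a small decoder. This is an added example, not the tool's own code; `decodeEntities`, `decodePasses` and the short `NAMED` table are assumptions made for the illustration.

```javascript
// Added example: a small subset of named entities (constructed for the demo);
// a real decoder needs the full HTML named character reference table.
const NAMED = new Map(Object.entries({
  amp: "&", lt: "<", gt: ">", quot: '"', apos: "'", nbsp: "\u00A0",
  copy: "\u00A9", reg: "\u00AE", trade: "\u2122", euro: "\u20AC",
}));

// Decodes named, decimal and hex references in ONE left-to-right pass, so text
// produced by a reference is never rescanned and decoded a second time.
function decodeEntities(text) {
  const pattern = /&(#[xX][0-9a-fA-F]+|#[0-9]+|[A-Za-z][A-Za-z0-9]*);/g;
  return String(text).replace(pattern, (match, body) => {
    if (body[0] !== "#") {
      return NAMED.has(body) ? NAMED.get(body) : match; // unknown name: keep as-is
    }
    const hex = body[1] === "x" || body[1] === "X";
    const code = parseInt(body.slice(hex ? 2 : 1), hex ? 16 : 10);
    // This sketch leaves NUL, surrogates and out-of-range values untouched.
    const invalid = code === 0 || code > 0x10ffff || (code >= 0xd800 && code <= 0xdfff);
    return invalid ? match : String.fromCodePoint(code);
  });
}

// Counts how many decode passes it takes until the text stops changing.
// More than one pass suggests the input was encoded more than once.
function decodePasses(text, limit = 5) {
  let passes = 0;
  let current = String(text);
  while (passes < limit) {
    const next = decodeEntities(current);
    if (next === current) break;
    current = next;
    passes += 1;
  }
  return passes;
}

console.log(decodeEntities("&copy; &#169; &#xA9;")); // same character three times
console.log(decodeEntities("&amp;lt;"));             // one pass only: "&lt;"
console.log(decodePasses("&amp;amp;"));              // double-encoded ampersand
```

A chain of separate `replace` calls that handles `&amp;` first would turn `&amp;lt;` into `<`, silently undoing one layer of encoding; the single-pass pattern avoids that.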
Why should I encode HTML before inserting user content into a page?
If you insert raw user input into HTML without encoding, a malicious user can inject a `<script>` tag that executes arbitrary JavaScript in other users' browsers - a cross-site scripting (XSS) attack. Encoding converts the angle brackets into `&lt;script&gt;`, which is rendered as plain text and cannot run.
Do I need to encode all Unicode characters?
No. If your HTML page uses UTF-8 encoding (declared via <meta charset="UTF-8">), you can include any Unicode character - emoji, accented letters, CJK characters - directly in the source without entity-encoding them. Only the five characters that break HTML syntax must always be encoded: &, <, >, ", and '.
How does this tool handle encoding and decoding?
The encoder sets your text as the textContent of an in-memory DOM element and reads back the innerHTML - the browser's own HTML serialiser handles all escaping. The decoder sets your entity string as innerHTML and reads back the textContent - the browser's HTML parser resolves all named, decimal, and hex entities automatically. No external library is required.
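The HTML serialiser escapes a text node only for `&`, `<`, `>` and the non-breaking space, so output produced by the `textContent`/`innerHTML` approach still contains raw quotes and is meant for element content, not attribute values. The following is an added example, not the tool's own code: `serializeTextNode` emulates that text-node escaping so it runs without a DOM, and `escapeHtml` and `safeInQuotedAttribute` are assumed names for a five-character encoder and a simple check.

```javascript
// Added example: names are illustrative, not the tool's own code.
const FIVE = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };

// Escapes the five characters that can change HTML parsing, so the result is
// safe in element content and inside quoted attribute values.
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => FIVE[ch]);
}

// Emulates how the HTML serialiser escapes a text node (what reading innerHTML
// after setting textContent returns): only &, U+00A0, < and > are replaced.
function serializeTextNode(text) {
  return String(text)
    .replace(/&/g, "&amp;")
    .replace(/\u00A0/g, "&nbsp;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;");
}

// True when an encoded value can be placed inside a quoted attribute without
// ending the attribute early, i.e. it contains no raw quote characters.
function safeInQuotedAttribute(encoded) {
  return !/["']/.test(encoded);
}

// Constructed sample input: ordinary text containing all five characters.
const sample = `Tom & "Jerry" <b>it's</b>`;

const viaSerializer = serializeTextNode(sample);
const viaEscapeHtml = escapeHtml(sample);

console.log(viaSerializer, safeInQuotedAttribute(viaSerializer));
console.log(viaEscapeHtml, safeInQuotedAttribute(viaEscapeHtml));
```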
Is my text stored or sent anywhere?
No. All encoding and decoding happens entirely in your browser using JavaScript. Your text is never sent to any server, stored in a database, or shared with any third party. You can safely paste confidential HTML templates or proprietary content.