HTML Entity Encoder / Decoder

About this tool

Encode text into HTML entities or decode entities back into readable characters to verify escaping for content and attributes. The tool lets you inspect conversions for XSS mitigation, templating, and display checks entirely in the browser with no network access.

HTML entity conversion

0 characters / 0 bytes
Samples:
0 characters / 0 bytes
Conversion mode
Character set (encode mode)
Output format (encode mode)
Whitespace & line breaks

When using “Preserve runs of spaces,” apply white-space: pre-wrap; or similar in your layout to keep the visual spacing.

Additional options

Ready (auto convert: on)

How to use

  1. Paste or type text into the input area, or apply one of the samples.
  2. Choose Encode or Decode and adjust whitespace, numeric reference, and custom character options.
  3. With auto convert enabled the output updates automatically; otherwise click “Run conversion.”
  4. Use “Copy output” or “Download output” to keep the result.

Notes

  • Encoding escapes the five base characters through the DOM and applies additional conversions (custom characters, non-ASCII) as selected.
  • Decoding assigns the input to a temporary element’s innerHTML and reads textContent, so scripts are never executed.
  • If you convert to <br> or preserve runs of spaces, adjust white-space styles on the consuming page for the desired layout.
  • XSS mitigation is context-dependent—HTML attributes, URLs, JavaScript, and JSON require their own escaping strategies.
  • Detect pre-encoded entities to avoid double encoding when processing existing markup.
  • Performance depends on the browser and device; the worker cooperatively yields for inputs around 1 MB.
  • Known limitation: URL encoding, attribute-specific rules, and script context escaping are outside this tool’s scope.

All processing happens in your browser; no data is sent.