Toolerax logoToolerax

HTML Encode / Decode

Escape & unescape HTML entities.

100% private — runs in your browser, nothing is uploaded.

How to use the HTML Encode / Decode

  1. 1
    Enter text or HTML

    Paste the text or HTML markup you want to convert.

  2. 2
    Encode or decode

    Click Encode HTML to escape entities, or Decode HTML to turn entities back into characters.

  3. 3
    Copy the result

    Copy the encoded or decoded output with one click.

Examples

InputOutput
<b>Bold & bright</b>&lt;b&gt;Bold &amp; bright&lt;/b&gt;
She said "hi"She said &quot;hi&quot;

Free online HTML encoder & decoder

This HTML encoder / decoder escapes special characters into HTML entities, or converts entities back into plain text. It is essential for displaying code snippets, preventing markup from breaking, and handling user-generated content safely.

Examples

  • <div> becomes &lt;div&gt; when encoded.
  • &amp; becomes & when decoded.

Runs 100% in your browser — nothing is uploaded.

Frequently Asked Questions

What is HTML encoding?

HTML encoding replaces special characters like <, >, & and " with entity codes (&lt;, &gt;, &amp;, &quot;) so they display as text instead of being interpreted as HTML markup.

When should I encode HTML?

Encode HTML when you want to show code or user input on a web page safely, or to prevent characters from breaking your markup. Decode to turn entities back into normal characters.

Is my input private?

Yes — encoding and decoding happen entirely in your browser.

Which characters get encoded?

The five that affect HTML: & becomes &amp;, < becomes &lt;, > becomes &gt;, " becomes &quot; and ' becomes &#39;. Everything else is left as-is.

Does HTML encoding prevent XSS?

Encoding output that contains user input is a key defence against cross-site scripting, because it stops the browser from treating the text as executable HTML. Always encode untrusted content before displaying it.

From the blogHTML Encoding ExplainedWhy HTML needs entities like &amp;lt; and &amp;amp;, which characters must be escaped, how escaping prevents XSS attacks, and the double-encoding trap.Read the full guide

Related tools