HTML Entity Encoder Online — Escape HTML Characters Free
Stop worrying about broken HTML from user-generated content or template injection bugs. This free HTML Entity Encoder converts any raw text into properly escaped HTML entities — instantly, directly in your browser, with zero data sent to any server.
Whether you're sanitizing content before inserting it into a webpage, writing code examples for documentation, or debugging an email template, this tool produces clean, safe, copy-ready output in milliseconds.
How to Use the HTML Entity Encoder
- Paste your text — type or paste any string into the input area.
- Choose an encoding mode — pick the mode that matches your use case (see below).
- See the result instantly — the encoded output appears in real time as you type.
- Copy the output — click Copy or press
Shift+Enterto copy the encoded result to your clipboard.
Switch to the Decode tab at any time to reverse the process, or click "Swap & Decode" to send the encoded output directly to the decoder.
Encoding Modes
| Mode | What it encodes | Best for |
|---|---|---|
| Essential | & < > " ' only |
XSS prevention, HTML attribute safety |
| Named Entities | All chars with official HTML names (accents, symbols, currency…) | Legacy systems, maximum named-entity coverage |
| Numeric (&#…;) | All non-ASCII as &#NNNN; decimal refs |
Maximum compatibility with older parsers |
HTML Entities — What They Are and Why They Matter
HTML entities are text representations of characters that have special meaning in HTML, or characters that may not be safely embedded as raw Unicode. There are three equivalent forms for any entity:
- Named:
á— human-readable, part of the HTML5 spec - Decimal numeric:
á— universal, no name required - Hex numeric:
á— same value in hexadecimal
Essential Entities (XSS-Critical)
These five characters must always be escaped when inserting arbitrary text into HTML:
| Character | Named Entity | Numeric | Description |
|---|---|---|---|
& |
& |
& |
Ampersand — starts every entity |
< |
< |
< |
Less-than — opens HTML tags |
> |
> |
> |
Greater-than — closes HTML tags |
" |
" |
" |
Double quote — delimits attribute values |
' |
' |
' |
Single quote — alternative attribute delimiter |
Without escaping these, user-supplied text can inject markup or trigger XSS attacks.
Accented Latin — Uppercase
| Character | Named Entity | Numeric | Description |
|---|---|---|---|
À |
À |
À |
A with grave accent |
Á |
Á |
Á |
A with acute accent |
 |
 |
 |
A with circumflex |
à |
à |
à |
A with tilde |
Ä |
Ä |
Ä |
A with umlaut |
Å |
Å |
Å |
A with ring above |
Æ |
Æ |
Æ |
AE ligature |
Ç |
Ç |
Ç |
C with cedilla |
È |
È |
È |
E with grave accent |
É |
É |
É |
E with acute accent |
Ê |
Ê |
Ê |
E with circumflex |
Ë |
Ë |
Ë |
E with umlaut |
Ì |
Ì |
Ì |
I with grave accent |
Í |
Í |
Í |
I with acute accent |
Î |
Î |
Î |
I with circumflex |
Ï |
Ï |
Ï |
I with umlaut |
Ñ |
Ñ |
Ñ |
N with tilde |
Ò |
Ò |
Ò |
O with grave accent |
Ó |
Ó |
Ó |
O with acute accent |
Ô |
Ô |
Ô |
O with circumflex |
Õ |
Õ |
Õ |
O with tilde |
Ö |
Ö |
Ö |
O with umlaut |
Ø |
Ø |
Ø |
O with stroke |
Ù |
Ù |
Ù |
U with grave accent |
Ú |
Ú |
Ú |
U with acute accent |
Û |
Û |
Û |
U with circumflex |
Ü |
Ü |
Ü |
U with umlaut |
Ý |
Ý |
Ý |
Y with acute accent |
Þ |
Þ |
Þ |
Latin capital thorn |
ß |
ß |
ß |
Latin sharp S (German) |
Accented Latin — Lowercase
| Character | Named Entity | Numeric | Description |
|---|---|---|---|
à |
à |
à |
a with grave accent |
á |
á |
á |
a with acute accent |
â |
â |
â |
a with circumflex |
ã |
ã |
ã |
a with tilde |
ä |
ä |
ä |
a with umlaut |
å |
å |
å |
a with ring above |
æ |
æ |
æ |
ae ligature |
ç |
ç |
ç |
c with cedilla |
è |
è |
è |
e with grave accent |
é |
é |
é |
e with acute accent |
ê |
ê |
ê |
e with circumflex |
ë |
ë |
ë |
e with umlaut |
ì |
ì |
ì |
i with grave accent |
í |
í |
í |
i with acute accent |
î |
î |
î |
i with circumflex |
ï |
ï |
ï |
i with umlaut |
ð |
ð |
ð |
Latin small eth |
ñ |
ñ |
ñ |
n with tilde |
ò |
ò |
ò |
o with grave accent |
ó |
ó |
ó |
o with acute accent |
ô |
ô |
ô |
o with circumflex |
õ |
õ |
õ |
o with tilde |
ö |
ö |
ö |
o with umlaut |
ø |
ø |
ø |
o with stroke |
ù |
ù |
ù |
u with grave accent |
ú |
ú |
ú |
u with acute accent |
û |
û |
û |
u with circumflex |
ü |
ü |
ü |
u with umlaut |
ý |
ý |
ý |
y with acute accent |
þ |
þ |
þ |
Latin small thorn |
ÿ |
ÿ |
ÿ |
y with umlaut |
Currency & Commerce
| Character | Named Entity | Numeric | Description |
|---|---|---|---|
€ |
€ |
€ |
Euro sign |
£ |
£ |
£ |
Pound sterling |
¥ |
¥ |
¥ |
Yen / Yuan sign |
¢ |
¢ |
¢ |
Cent sign |
¤ |
¤ |
¤ |
Generic currency sign |
© |
© |
© |
Copyright |
® |
® |
® |
Registered trademark |
™ |
™ |
™ |
Trademark symbol |
Punctuation & Typography
| Character | Named Entity | Numeric | Description |
|---|---|---|---|
|
|
  |
Non-breaking space |
– |
– |
– |
En dash |
— |
— |
— |
Em dash |
… |
… |
… |
Ellipsis |
' |
‘ |
‘ |
Left single quotation mark |
' |
’ |
’ |
Right single quotation mark |
" |
“ |
“ |
Left double quotation mark |
" |
” |
” |
Right double quotation mark |
« |
« |
« |
Left-pointing double angle quotation |
» |
» |
» |
Right-pointing double angle quotation |
‹ |
‹ |
‹ |
Single left-pointing angle quotation |
› |
› |
› |
Single right-pointing angle quotation |
° |
° |
° |
Degree sign |
· |
· |
· |
Middle dot |
¶ |
¶ |
¶ |
Pilcrow (paragraph) |
§ |
§ |
§ |
Section sign |
• |
• |
• |
Bullet |
† |
† |
† |
Dagger |
‡ |
‡ |
‡ |
Double dagger |
‰ |
‰ |
‰ |
Per mille sign |
Math & Science
| Character | Named Entity | Numeric | Description |
|---|---|---|---|
× |
× |
× |
Multiplication sign |
÷ |
÷ |
÷ |
Division sign |
± |
± |
± |
Plus-minus sign |
− |
− |
− |
Minus sign |
² |
² |
² |
Superscript two |
³ |
³ |
³ |
Superscript three |
¼ |
¼ |
¼ |
Vulgar fraction one quarter |
½ |
½ |
½ |
Vulgar fraction one half |
¾ |
¾ |
¾ |
Vulgar fraction three quarters |
∞ |
∞ |
∞ |
Infinity |
√ |
√ |
√ |
Square root |
∑ |
∑ |
∑ |
N-ary summation |
∏ |
∏ |
∏ |
N-ary product |
∂ |
∂ |
∂ |
Partial differential |
∫ |
∫ |
∫ |
Integral |
≠ |
≠ |
≠ |
Not equal to |
≤ |
≤ |
≤ |
Less-than or equal to |
≥ |
≥ |
≥ |
Greater-than or equal to |
≈ |
≈ |
≈ |
Almost equal to |
∈ |
∈ |
∈ |
Element of |
∉ |
∉ |
∉ |
Not an element of |
∩ |
∩ |
∩ |
Intersection |
∪ |
∪ |
∪ |
Union |
Arrows
| Character | Named Entity | Numeric | Description |
|---|---|---|---|
← |
← |
← |
Leftwards arrow |
→ |
→ |
→ |
Rightwards arrow |
↑ |
↑ |
↑ |
Upwards arrow |
↓ |
↓ |
↓ |
Downwards arrow |
↔ |
↔ |
↔ |
Left right arrow |
↵ |
↵ |
↵ |
Carriage return arrow |
⇐ |
⇐ |
⇐ |
Leftwards double arrow |
⇒ |
⇒ |
⇒ |
Rightwards double arrow |
⇑ |
⇑ |
⇑ |
Upwards double arrow |
⇓ |
⇓ |
⇓ |
Downwards double arrow |
⇔ |
⇔ |
⇔ |
Left right double arrow |
Greek Letters
| Character | Named Entity | Numeric | Description |
|---|---|---|---|
Α |
Α |
Α |
Greek capital Alpha |
Β |
Β |
Β |
Greek capital Beta |
Γ |
Γ |
Γ |
Greek capital Gamma |
Δ |
Δ |
Δ |
Greek capital Delta |
Θ |
Θ |
Θ |
Greek capital Theta |
Λ |
Λ |
Λ |
Greek capital Lambda |
Π |
Π |
Π |
Greek capital Pi |
Σ |
Σ |
Σ |
Greek capital Sigma |
Φ |
Φ |
Φ |
Greek capital Phi |
Ω |
Ω |
Ω |
Greek capital Omega |
α |
α |
α |
Greek small alpha |
β |
β |
β |
Greek small beta |
γ |
γ |
γ |
Greek small gamma |
δ |
δ |
δ |
Greek small delta |
ε |
ε |
ε |
Greek small epsilon |
θ |
θ |
θ |
Greek small theta |
λ |
λ |
λ |
Greek small lambda |
μ |
μ |
μ |
Greek small mu |
π |
π |
π |
Greek small pi |
σ |
σ |
σ |
Greek small sigma |
τ |
τ |
τ |
Greek small tau |
φ |
φ |
φ |
Greek small phi |
ω |
ω |
ω |
Greek small omega |
Miscellaneous Symbols
| Character | Named Entity | Numeric | Description |
|---|---|---|---|
♠ |
♠ |
♠ |
Black spade suit |
♣ |
♣ |
♣ |
Black club suit |
♥ |
♥ |
♥ |
Black heart suit |
♦ |
♦ |
♦ |
Black diamond suit |
◊ |
◊ |
◊ |
Lozenge |
Common Use Cases
- Preventing XSS in web applications: Before rendering user-submitted content (comments, profile bios, form data) inside HTML, always encode it. A user who enters
<script>alert(1)</script>should see that text displayed, not executed. - Writing code examples in HTML documents: When documenting HTML itself, you need to show raw tags as readable text. Encoding
<div class="example">lets it display correctly in a<pre>block without browser interpretation. - Email template development: Many email clients handle HTML differently. Encoding special characters in subject lines, dynamic fields, and body text prevents rendering issues across Gmail, Outlook, and Apple Mail.
- CMS and headless content entry: Pasting encoded content into WordPress, Contentful, or Sanity fields that render raw HTML ensures special characters survive the round-trip from database to browser.
- API response sanitization: When your backend returns user-generated strings that will be embedded in HTML responses, encode them server-side — or use this tool to verify that your encoding logic produces the expected output.
Frequently Asked Questions
What is the difference between HTML encoding and URL encoding?
HTML encoding replaces characters with HTML entity syntax (e.g., < becomes <) so they display safely inside HTML documents. URL encoding percent-encodes characters (e.g., < becomes %3C) so they transmit safely in URLs and query strings. Use HTML encoding when inserting content into HTML; use URL encoding when building links or API requests.
Which encoding mode should I choose?
Use Essential for the vast majority of cases — it prevents XSS and covers all security-critical characters. Modern browsers and UTF-8 pages handle accented characters and symbols natively, so you only need Named Entities or Numeric when working with legacy systems, old email clients, or parsers that don't handle raw Unicode.
Is it safe to use this tool with sensitive data?
Yes. All processing happens entirely in your browser using JavaScript. No text is sent to any server, stored, or logged. You can encode confidential content without any privacy risk.
What is the difference between escape HTML and encode HTML entities?
They refer to the same operation. "Escape" is the verb — you escape a character so it loses its special meaning. "Encode" describes the transformation — you encode it into an entity representation. "HTML escape" and "HTML entity encode" are interchangeable terms for the same process.
Can I use the encoded output directly in JavaScript template literals or JSX?
In JSX and most modern frameworks (React, Svelte, Vue), the framework handles HTML escaping automatically when you use expression bindings like {variable}. Manual encoding is needed when you use dangerouslySetInnerHTML, innerHTML, or when generating raw HTML strings server-side. When in doubt, let the framework escape — only encode manually when you're working at the raw HTML string level.
Resources
- MDN — Character references (HTML entities) — Mozilla's reference for HTML character entities, including the full named entity list.
- OWASP — Cross Site Scripting Prevention Cheat Sheet — Authoritative security guide on when and how to apply HTML encoding to prevent XSS attacks.
