HTML Entity Encode / Decode

How to Use the HTML Entity Encoder/Decoder

1. Pick Encode or Decode using the mode toggle. Encode turns characters like <, >, &, ", and apostrophe into HTML entities; Decode reverses the process, turning < back into <.
2. Paste or type text in the input pane. The output updates on every keystroke, so you see the transformation in real time without clicking anything.
3. Toggle "Encode all non-ASCII" if you need every character above code point 127 (accented letters, emoji, CJK) turned into numeric entities. Leave it off to keep only the five XML special characters encoded.
4. Use the Swap button to move the output back into the input and flip the mode. That lets you round-trip a string to confirm your encoding is lossless.

What the Codec Does and How

The encoder scans the input string character by character. For each character it checks against a replacement table. The default table covers the five XML predefined entities: & becomes &, < becomes <, > becomes >, " becomes ", and the apostrophe becomes ' (the named entity ' is valid XML but was historically missing in older HTML, so the numeric form is safer). With "Encode all non-ASCII" enabled, any character with a code point above 127 emits &#code; in decimal.

The decoder handles three entity forms: named entities from the HTML named character references list (©, €, —, and over 2,000 others), decimal numeric references (©), and hexadecimal numeric references (©). Any sequence that is not a recognised entity is left untouched. Surrogate pairs in the numeric form are assembled into single code points, so entities like 😀 correctly decode to the smiling emoji.

When You Need This

• Pasting a code snippet containing < or > into an HTML page without breaking the surrounding markup.
• Preparing a string for safe inclusion in an XML document (SOAP request, SVG, Atom feed) where the five reserved characters must be encoded.
• Cleaning up text extracted from an older CMS where everything was stored as entities and you want plain Unicode back.
• Debugging why a web page shows & three times over - usually a double-encoding bug you can unwind with repeat Decode passes.
• Producing ASCII-only content for a system (legacy SMTP, old SMS gateways) that cannot reliably carry UTF-8.
• Encoding a long paste that contains every punctuation flavor to see which ones need escaping in your target format.

Gotchas

• The apostrophe. ' was added to HTML5 but was absent in HTML4, so older tools may not recognise it. The encoder uses the numeric form ' for maximum compatibility across HTML 4 and XML 1.0.
• Semicolons are required. Modern browsers forgive missing terminators on legacy entities (&copy without ;), but a strict XML parser will reject them. When in doubt, include the semicolon.
• Numeric bounds. HTML numeric character references above 0x10FFFF are invalid. The decoder silently drops out-of-range values rather than attempting a best-effort conversion.
• Surrogate pairs. UTF-16 surrogate halves (0xD800 to 0xDFFF) should not appear as standalone entities. If your input has them, the decoder outputs the replacement character U+FFFD to signal the problem.
• Double-encoded input. < is a string where an ampersand was encoded on top of an already-encoded entity. One decode pass yields <; a second pass yields <. Re-run decode until the output stops changing.

Spec Background

HTML character references are defined in the WHATWG\'s HTML Living Standard, specifically the "Named character references" and "Character reference state" sections of the tokenizer. The canonical list of named entities lives at html.spec.whatwg.org and contains just over 2,000 entries, some of which are legacy compatibility with or without trailing semicolons. XML 1.0, section 4.6, defines only the five predefined entities (amp, lt, gt, quot, apos) and requires every other entity to be declared in a DTD. That difference is why a string that decodes cleanly in a browser may fail in an XML parser - the XML parser has no implicit knowledge of ©. Numeric character references work identically in both standards.

Similar Tools

The html package on npm wraps the same entity tables and is a drop-in replacement if you need this logic in a Node script. Python\'s html module in the standard library (html.escape and html.unescape) covers the same use cases. sed or awk can do a quick five-entity escape but cannot handle the full named-entity dictionary. Chrome DevTools\' Console lets you use document.createElement("textarea") to coerce a string through the browser\'s own entity decoder - fast for one-off decoding. This in-browser tool saves you the ceremony of any of those when you just need one quick round-trip.