Dev · Live
HTML Entity Encoder & Decoder,
escape, unescape & reference.
Encode plain text into safe HTML entities or decode entity strings back to readable characters. Choose from named, decimal, or hexadecimal formats. Includes a full reference table of common entities with one-click copy.
Input chars
135
Output chars
213
Entities
23
Size change
+57.8%
Reference
Common HTML entities — click to copy
35 entities
| Char | Entity | Description | Decimal | Hex | Copy |
|---|---|---|---|---|---|
| & | & | Ampersand (HTML-required) | &##38; | & | |
| < | < | Less-than / open tag | &##60; | < | |
| > | > | Greater-than / close tag | &##62; | > | |
| " | " | Double quotation mark | &##34; | " | |
| ' | ' | Apostrophe / single quote | &##39; | ' | |
| · | | Non-breaking space | &##160; |   | |
| © | © | Copyright sign | &##169; | © | |
| ® | ® | Registered trademark | &##174; | ® | |
| ™ | ™ | Trademark symbol | &##8482; | ™ | |
| € | € | Euro sign | &##8364; | € | |
| £ | £ | Pound sterling | &##163; | £ | |
| ¥ | ¥ | Yen / Yuan sign | &##165; | ¥ | |
| ¢ | ¢ | Cent sign | &##162; | ¢ | |
| ° | ° | Degree symbol | &##176; | ° | |
| ± | ± | Plus-minus sign | &##177; | ± | |
| × | × | Multiplication sign | &##215; | × | |
| ÷ | ÷ | Division sign | &##247; | ÷ | |
| ½ | ½ | Vulgar fraction one half | &##189; | ½ | |
| ¼ | ¼ | Vulgar fraction one quarter | &##188; | ¼ | |
| ¾ | ¾ | Three quarters | &##190; | ¾ | |
| – | – | En dash | &##8211; | – | |
| — | — | Em dash | &##8212; | — | |
| … | … | Ellipsis | &##8230; | … | |
| • | • | Bullet point | &##8226; | • | |
| “ | “ | Left double quotation | &##8220; | “ | |
| ” | ” | Right double quotation | &##8221; | ” | |
| ← | ← | Leftward arrow | &##8592; | ← | |
| → | → | Rightward arrow | &##8594; | → | |
| ↑ | ↑ | Upward arrow | &##8593; | ↑ | |
| ↓ | ↓ | Downward arrow | &##8595; | ↓ | |
| ∞ | ∞ | Infinity | &##8734; | ∞ | |
| √ | √ | Square root | &##8730; | √ | |
| ≤ | ≤ | Less than or equal to | &##8804; | ≤ | |
| ≥ | ≥ | Greater than or equal to | &##8805; | ≥ | |
| ≠ | ≠ | Not equal to | &##8800; | ≠ |
Entity guide
What are HTML entities and when do you need them?
What is an HTML entity?
An HTML entity is a string of characters that represents a single character in HTML markup. Entities exist because certain characters have special meaning in HTML syntax — specifically <, >,&, and " — and inserting them literally in HTML markup would be interpreted by the browser as structural HTML rather than as content.
Entities also allow you to include characters that are difficult or impossible to type on a standard keyboard, such as typographic punctuation (— → —), mathematical symbols (∞→ ∞), currency signs (€ → €), and accented Latin characters.
The three entity formats
HTML supports three ways to reference any character:
- Named entities (e.g.,
&,©,—): human-readable names defined in the HTML specification. Not every Unicode character has a named entity — only those explicitly defined in the HTML5 reference. - Decimal numeric character references (e.g.,
&,—): the decimal Unicode code point of the character, prefixed with&#and terminated with;. Works for any Unicode code point. - Hexadecimal numeric character references (e.g.,
&,—): same as decimal but using hexadecimal, prefixed with&#x. Also works for any Unicode code point. Thexprefix is case-insensitive; some sources use uppercaseX.
All three formats produce identical output — the browser renders the same character regardless of which form was used. Named entities are most readable for authors; numeric references are more portable.
The four essential escapes
For safe display of user-generated or dynamic content in HTML, four characters must always be escaped:
&→&: The ampersand introduces every entity reference. An unescaped&followed by a letter may be misinterpreted as an entity by browsers. Always escape it first, before escaping any other character, to avoid double-encoding.<→<: Opens an HTML tag. An unescaped<in text content starts a tag and can cause the browser to interpret following text as markup, breaking the page and potentially introducing XSS vulnerabilities.>→>: Closes an HTML tag. Technically optional in text content but required inside element attributes and recommended everywhere for consistency."→": Required inside double-quoted HTML attribute values. Also use'or'for apostrophes inside single-quoted attribute values.
HTML entities and XSS security
Failing to encode user-supplied content before inserting it into HTML is one of the most common causes of Cross-Site Scripting (XSS) vulnerabilities, which rank consistently in the OWASP Top 10 web application security risks. An attacker who can inject an unescaped <script> tag into a page can execute arbitrary JavaScript in the victim's browser.
The solution is context-dependent escaping:
- In HTML element content: escape
&,<, and>at minimum. - In HTML attribute values: also escape
"(or'for single-quoted attributes). Better still: use double-quoted attributes and always escape&,<,>, and". - In JavaScript strings embedded in HTML: use JSON-encoding or a dedicated JS escape function — HTML entity encoding is not sufficient in a JavaScript context.
- In CSS values: use CSS-specific escaping; HTML entities are not valid in CSS contexts.
Modern templating frameworks (React, Vue, Angular, Svelte) automatically HTML-escape text content by default. Raw HTML injection viadangerouslySetInnerHTML (React), v-html (Vue), or [innerHTML] (Angular) bypasses this protection and must only be used with fully sanitised, trusted HTML.
Non-breaking spaces and typographic entities
(non-breaking space, U+00A0) is one of the most commonly used HTML entities in content. Unlike a regular space, a non-breaking space prevents a line break at that position and is often used to keep a number and its unit on the same line (e.g., "100 km"). Note that has a slightly different width than a regular space and may affect justification; use it only where the no-break behaviour is actually needed.
Typographic punctuation entities — — (em dash —),– (en dash –), …(ellipsis …), ‘ / ’(curly quotes) — improve the typographic quality of content when generated HTML cannot use the literal Unicode character directly. In UTF-8 encoded HTML5, literal Unicode is generally preferred; entity references are more relevant when the source encoding is restricted.
Encoding scope: when to encode more than the essentials
The minimum safe set for HTML content is the four essential characters above. Extended encoding adds named entities for all recognised non-ASCII characters, useful when:
- The HTML document's character encoding is not specified as UTF-8 and may not correctly represent non-ASCII characters. Encoding them as entities removes any ambiguity.
- Content will be inserted into email HTML, where email clients may apply non-UTF-8 encodings or strip the
<meta charset>declaration. - You are debugging a character encoding issue and want to confirm exactly which Unicode code points are present in your content.
Full encoding (all characters, including ASCII) is mostly a debugging tool or used in specific legacy environments. It produces significantly larger output and offers no security benefit over essential-only encoding in modern UTF-8 HTML.