Toolisk LogoToolisk
🏷️

HTML Entities Encoder & Decoder

Convert special characters to safe HTML entities, or decode them back to plain text. Named, numeric, or hex.

Input

0 chars

Output

Output will appear here…

About this tool

Encode any text to HTML entities or decode entity-encoded text back to plain characters. Supports the full Unicode range with named entities for the common ones (©, —, “) and numeric/hex fallbacks for everything else.

🔄Bidirectional encode and decode
🏷️Named entities (&, ©, —)
🔢Numeric entities (&)
🔠Hex entities (&)
🌐Full Unicode support
Live preview as you type

How to use it

Quick steps to get the most out of this utility.

  1. 1

    Pick encode or decode

    Encode converts plain text to HTML-safe form. Decode reverses it.

  2. 2

    Choose entity style

    Named entities are most readable; numeric/hex are universally compatible.

  3. 3

    Optional: encode all chars

    Useful for obfuscating email addresses against simple scrapers.

  4. 4

    Copy the output

    One click puts the result on your clipboard.

Reserved characters and why we encode

HTML reserves five characters that must be encoded when used as content: & (becomes &amp;),< (&lt;), > (&gt;), " (&quot;), and ' (&#39;). Skipping this is the original sin of XSS — user input that contains a <script> tag will execute in someone else's browser.

Modern frameworks usually handle this

React, Vue, Svelte, Angular, and modern templating engines auto-escape interpolated values. You typically only need manual encoding for raw HTML strings, email body content, RSS feeds, or when bypassing the framework's escape mechanism (e.g. dangerouslySetInnerHTML).

Frequently asked questions

When do I need to HTML-encode characters?+

Whenever you embed user-supplied text into HTML. Without encoding, characters like < > " and & break the markup or open XSS holes. Templating engines usually do this automatically — manual encoding is for emails, hand-written HTML, and legacy systems.

Named, numeric, or hex entities — which should I use?+

Named entities (&amp;, &copy;) are most readable. Numeric entities (&#38;) work everywhere. Hex entities (&#x26;) are common in XML and email headers. Pick based on what your downstream system parses cleanly.

Why does my email show "’" instead of an apostrophe?+

That's a UTF-8 string being read as Latin-1 (or vice versa). The fix is making sure both sides agree on encoding — declare charset=utf-8 in headers and meta tags. HTML-encoding the smart quote (&rsquo;) avoids the issue entirely.

Keep exploring

More utilities and reading from Toolisk.