Converter Web Tools

HTML Encode

Encode text to HTML quickly and privately. The conversion runs in your browser.

What is HTML encoding?

HTML encoding converts characters that have special meaning in HTML — such as <, >, &, double quotes and apostrophes — into their HTML entities (for example &lt;, &gt;, &amp;). This makes the characters display as text instead of being interpreted as markup, and it is a key defense against cross-site scripting (XSS) when showing user-supplied content. This tool converts text into safe HTML entities instantly in your browser.

Security tip: HTML-encoding user input before putting it on a page is a core defense against XSS. Encoding runs locally in your browser.

How HTML encoding works

HTML encoding swaps characters that the browser would treat as markup for named or numeric entities:

  1. & becomes &amp; (encoded first so other entities are not double-encoded).
  2. < becomes &lt; and > becomes &gt;.
  3. Double quote becomes &quot; and apostrophe becomes &#39;.
  4. The browser then renders each entity as the literal character instead of interpreting it as a tag or attribute.

How to use

  1. Enter or paste your text in the input box.
  2. The HTML-encoded result appears instantly in the output.
  3. Click Copy to use the encoded value.

Examples

Input             HTML-encoded
<b>bold</b>       &lt;b&gt;bold&lt;/b&gt;
Tom & Jerry       Tom &amp; Jerry
5 < 10            5 &lt; 10
say "hi"          say &quot;hi&quot;

Options explained

  • Named vs numeric entities — Characters can be encoded as named entities (&lt;) or numeric ones (&#60;).
  • Encode all non-ASCII — Optionally encode every non-ASCII character as a numeric entity for maximum compatibility.
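
The encoding steps and the two options above, as an added JavaScript example (not this tool's own code). The function names htmlEncode and htmlEncodeSequential and the option names numeric and encodeNonAscii are assumptions made for illustration; the sample strings are constructed.

```javascript
// Added example: names and options here are hypothetical, not the tool's code.
const NAMED = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

function htmlEncode(text, { numeric = false, encodeNonAscii = false } = {}) {
  // Single pass: every source character is visited exactly once, so the "&"
  // that begins an emitted entity can never be encoded a second time.
  // The "u" flag matches whole code points, so a character outside the BMP
  // becomes one entity instead of two surrogate halves.
  const pattern = encodeNonAscii ? /[&<>"']|[^\x00-\x7F]/gu : /[&<>"']/g;
  return String(text).replace(pattern, (ch) => {
    if (!numeric && NAMED[ch]) return NAMED[ch];
    return `&#${ch.codePointAt(0)};`;
  });
}

// The same steps as chained replacements, where order matters: "&" must be
// handled first, otherwise the "&" of each new entity is encoded again.
function htmlEncodeSequential(text, ampersandFirst = true) {
  const amp = (s) => s.replace(/&/g, '&amp;');
  const rest = (s) => s.replace(/</g, '&lt;').replace(/>/g, '&gt;')
    .replace(/"/g, '&quot;').replace(/'/g, '&#39;');
  const input = String(text);
  return ampersandFirst ? rest(amp(input)) : amp(rest(input));
}

// Constructed sample inputs.
console.log(htmlEncode('Tom & Jerry say "hi"'));
console.log(htmlEncode('5 < 10', { numeric: true }));
console.log(htmlEncode('café 😀', { encodeNonAscii: true }));
console.log(htmlEncodeSequential('5 < 10', false)); // wrong order: double-encoded
```

Running the chained version with the wrong order shows the double-encoding that step 1 is there to prevent.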

Common uses

  • Escaping user-generated content before displaying it (XSS prevention).
  • Showing code or HTML snippets as text on a web page.
  • Safely embedding special characters in HTML attributes.
  • Preparing content for HTML emails and templates.

Frequently asked questions

Why encode HTML?
To display special characters literally and to prevent XSS by stopping user input from being treated as markup.
What does &amp; mean?
It is the HTML entity for the & character.
How do I decode HTML entities?
Use the HTML Decode tool to turn entities back into normal characters.
Does HTML encoding stop all XSS?
It is a key defense for content placed in HTML, but full XSS protection also requires correct handling in attributes, URLs and scripts.