Non ASCII characters pass through unchanged here; only HTML-significant ASCII is escaped.

Quotes are escaped for attribute safety; validate your full pipeline.

Use the HTML decode tool paired with this one.

Prefer encoding at render time in your stack; this page is for quick checks.

HTML Encode Online – Escape HTML Entities for Safe Text

Embed user content safely in HTML templates by escaping markup-significant characters first. This HTML encode step complements framework sanitizers for quick checks.

Text

Encoded

Related tools

HTML decode
URL encode

How it works

& becomes &, < becomes <, > becomes >, quotes become entity forms.

Use this before inserting user text into templates.

XSS

Encoding user input for HTML context is part of defense in depth; still follow framework defaults.

Context matters

Entity escaping for HTML text is different from URL or JS string contexts.

Common questions

All Unicode?: Non ASCII characters pass through unchanged here; only HTML-significant ASCII is escaped.
Attribute context?: Quotes are escaped for attribute safety; validate your full pipeline.
Decode?: Use the HTML decode tool paired with this one.
Server side?: Prefer encoding at render time in your stack; this page is for quick checks.